ESC2015 esc2015 https://www.cryptolux.org/mediawiki-esc2015/index.php/ESC_2015 MediaWiki 1.31.8 first-letter Media Special Talk User User talk ESC2015 ESC2015 talk File File talk MediaWiki MediaWiki talk Template Template talk Help Help talk Category Category talk 0 1 1 2014-06-30T08:43:16Z MediaWiki default 0 wikitext text/x-wiki '''MediaWiki has been successfully installed.''' Consult the [//meta.wikimedia.org/wiki/Help:Contents User's Guide] for information on using the wiki software. == Getting started == * [//www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list] * [//www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ] * [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki release mailing list] b7a3846f2c55072191227d89a3204fe379288fee 8 2 2 2014-06-30T08:48:13Z Yann 1 Created page with "* ESC 2015 ** ESC 2015 | Home ** Proceedings | Proceedings ** List_of_participants | List of participants ** Getting_there | Getting there ** Seminar_program | Seminar program..." wikitext text/x-wiki * ESC 2015 ** ESC 2015 | Home ** Proceedings | Proceedings ** List_of_participants | List of participants ** Getting_there | Getting there ** Seminar_program | Seminar program ** Special:Abstracts | Talk abstracts ** Rump_session | Rump Session ** Discussion | Discussion * SEARCH * TOOLBOX d4ebc115bc5bdb0290f57afdf5c5e30ba3540053 0 3 3 2014-06-30T09:19:54Z Alex 2 Created page with "__NOTOC__ == Early Symmetric Crypto (ESC) seminar == 12-16 January 2015 in Clervaux, Luxembourg === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaude..." wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) seminar == 12-16 January 2015 in Clervaux, Luxembourg === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity * Integrity * Privacy * Block Ciphers * Stream Ciphers * Hash Functions * Authenticated Encryption * Lightweight crypto * Provable Security * Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === Clervaux Vianded Hikes === Weather === e8a23ab9a5d58bf143a5448e41e995494005e4c8 8 3 2014-06-30T10:38:05Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) seminar == 12-16 January 2015 in Clervaux, Luxembourg Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and • complex cryptosystems and cryptographic protocols employing these primitives • algorithmic challenges in public and symmetric cryptography. Special sub-topics that will be explored this year would be: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography (this topic is in line with the CORE ACRYPT project). The aim of the workshop is to bring together leading experts and talented junior researchers. The exceptional feature of this seminar is that at least half of the participants are also speakers, since they are invited to give presentations on their most recent or on-going research. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 3ceed63a9c483e5428680ca4db7c4fc69e012da1 9 8 2014-06-30T10:39:04Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) seminar == 12-16 January 2015 in Clervaux, Luxembourg Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and • complex cryptosystems and cryptographic protocols employing these primitives • algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers. The exceptional feature of this seminar is that at least half of the participants are also speakers, since they are invited to give presentations on their most recent or on-going research. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography (this topic is in line with the CORE ACRYPT project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === e7da933541ba75b457701a02f945559756177c44 10 9 2014-06-30T10:40:39Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and • complex cryptosystems and cryptographic protocols employing these primitives • algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers. The exceptional feature of this seminar is that at least half of the participants are also speakers, since they are invited to give presentations on their most recent or on-going research. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography (this topic is in line with the CORE ACRYPT project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 6e5a7f604053b79c37c4e2c47f6962be9c3823a4 11 10 2014-06-30T10:41:05Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and • complex cryptosystems and cryptographic protocols employing these primitives • algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers. The exceptional feature of this seminar is that at least half of the participants are also speakers, since they are invited to give presentations on their most recent or on-going research. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography (this topic is in line with the CORE ACRYPT project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === c2648591bc91d66fdfa7bf8f8b64bf1193a52947 12 11 2014-06-30T10:41:18Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers. The exceptional feature of this seminar is that at least half of the participants are also speakers, since they are invited to give presentations on their most recent or on-going research. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography (this topic is in line with the CORE ACRYPT project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === f620778bd8f2ab3af251a91bd88af0ac695de65c 13 12 2014-06-30T10:45:30Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (Groebner bases, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 605dc2da91723d789d40f8a00996d393d94727e4 14 13 2014-06-30T10:46:32Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event (2008, 2010, 2013) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === bd31143d9e7f06c457ecf2b8f8a71034a8f7edf9 15 14 2014-06-30T10:50:08Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars (2007, 2009, 2012, 2014) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === ab1cc45a74db3c8968a36746e784c4f110e11de0 16 15 2014-06-30T10:52:04Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 72522575f85086f925b135f31f06d68419894b38 17 16 2014-06-30T10:56:04Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. [[Image:clervaux.jpg‎|200px|thumb|left|Clervaux]] === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === f27b3f85fa2297ca91f250e4cd4a0c8aa181ab95 19 17 2014-06-30T12:47:50Z Alex 2 wikitext text/x-wiki __NOTOC__ == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. [[Image:clervaux.jpg‎|400px|thumb|left|Clervaux]] === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === ca6b43fba23e055047722f2b522f521e9a367a4f 20 19 2014-06-30T12:48:39Z Alex 2 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|left|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 990207e060bbb7c01037015d2bde9a7ce30d5e4e 21 20 2014-06-30T12:49:04Z Alex 2 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|left|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 505b0fe2a712f1a7667876b21e1999d34aadb050 22 21 2014-06-30T12:49:28Z Alex 2 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === Alex Biryukov Joan Daemen Stefan Lucks Serge Vaudenay === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 20e4712a5e04b2c787bfc1507925db4334bf12f2 23 22 2014-06-30T13:56:01Z Alex 2 /* Program Chairs */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [Alex Biryukov | Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 66e4ae5bcde88e921a4c0347ea588b2dba220953 24 23 2014-06-30T13:57:02Z Alex 2 /* Program Chairs */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition (CAESAR) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === e529aa2734fa6a4f34b3ad4926255f8845e47425 25 24 2014-06-30T13:57:59Z Alex 2 /* The List of topics */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running password-hashing competition. *Design and analysis of lightweight cryptography. === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 9306a81c2cf973ddeef9d3d7204673c3b7dff45d 26 25 2014-06-30T14:00:50Z Alex 2 /* The List of topics */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel ... in Clervaux, a castle town in Luxembourg in Ardennes. Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 0805d8b6f5121876ba75ae52c9358ace020cbc3b 27 26 2014-07-08T15:03:06Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel International in Clervaux, a castle town in Luxembourg in Ardennes. <--Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. --> === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 3d104ec1b61d2f8eab408194f35694d9a0b501ab 28 27 2014-07-08T15:04:41Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in Ardennes. <!--Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. --> === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 9eb0d3b74ef2e1941b8f0b6a9788450ff2956e68 29 28 2014-07-08T15:06:05Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. <!--Please contact the hotel for booking: ... Please put <fabienne.schmitz@uni.lu> in CC. Prices: Single room (1 single bed): .. Classic single room (1 double bed): .. Double room: ... Breakfast is included. We cover lunches and dinners. --> === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 211027ebb516ead6ef8a140e09c2c6ac3cca512e 30 29 2014-07-08T15:29:30Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === .... === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 4158f998c1926ad6c0ad78cae98c955fa4ffbfa5 31 30 2014-07-08T15:30:41Z Alex 2 /* Proceedings */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches and dinners. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === f9e10fd85717935f4053fe8fba8da90898b86520 32 31 2014-07-08T15:32:19Z Alex 2 /* Venue */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 8b459972965f52572957bf2aaa27334110c1f894 522 32 2014-12-05T10:20:21Z Yann 1 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere.# === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === cb37c7fdba90f34dad49ba0a20bb04a42f2f87d3 523 522 2014-12-05T10:20:28Z Yann 1 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle *Hikes === Weather === 1bf4f07f74e35356454d01d84a35c2aa9b9b19c7 524 523 2014-12-05T10:23:37Z Alex 2 /* Tourism */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === 171aee696f505c753df4b5d54957b5b5f4d11049 525 524 2014-12-05T10:25:59Z Alex 2 /* Weather */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. 2c7594b3921825b04bd45d0d4fb730d91c0fcf61 527 525 2014-12-05T10:36:11Z Alex 2 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|FNR logo]] 6c1311de1b7e11f183138b1142702e5e9af902f4 528 527 2014-12-05T10:42:17Z Alex 2 /* Sponsors */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|FNR logo]] [[Image:LACS_logo.jpg‎|LACS logo]] ed224216cec95a6b222ff6345810ee22a18fe9aa 530 528 2014-12-05T10:42:54Z Alex 2 /* Sponsors */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|FNR logo]] [[Image:LACS-logo.jpg‎|LACS logo]] 43c955c572ac92c9656034962336f2fe3f051f72 531 530 2014-12-05T10:43:30Z Alex 2 /* Sponsors */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|FNR logo]] [[Image:LACS-logo.jpg‎|LACS logo]] 04bca02d50338dcb833ec0a6406ccc269830d0bf 532 531 2014-12-05T11:06:30Z Alex 2 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by the [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|100px|FNR logo]] [[Image:LACS-logo.jpg‎|100px|LACS logo]] c08082b6ede17269ed6598d496f3cbb602b96375 533 532 2014-12-05T11:06:45Z Alex 2 /* Sponsors */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here will be the program === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by the [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|200px|FNR logo]] [[Image:LACS-logo.jpg‎|200px|LACS logo]] 9923a5bb5558827f51a0d800fed5cc1f199aa2e1 8 4 4 2014-06-30T09:31:05Z Yann 1 Redirected page to [[ESC 2015]] wikitext text/x-wiki #REDIRECT [[ESC_2015]] 980ef9ae90c41cc7b3c1806b5b0e8399660c052f 5 4 2014-06-30T09:41:46Z Yann 1 wikitext text/x-wiki #REDIRECT [[ESC 2015]] 81ce8bccda7dad472e891726612a2706a7504689 6 5 2014-06-30T09:42:29Z Yann 1 wikitext text/x-wiki Main page 97461b6c9e4e8749cbc57fafb28060bcbd15d377 7 6 2014-06-30T09:43:01Z Yann 1 wikitext text/x-wiki ESC 2015 6684a6ce32e2d2d5b00d00828f62c27e6a3fb580 6 5 18 2014-06-30T12:21:44Z Yann 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 1 6 33 2014-08-06T19:56:59Z 178.137.215.97 0 Производство мебели из дерева на заказ wikitext text/x-wiki <a href=http://www.abey.ru/directions/lestnitsy/>фабрики по производству лестниц для коттеджей</a> Большой дом немыслимо себе представить без лестниц, а комнаты – без мебели, причем роскошной и искусно сделанной. Это же касаемо и лестниц. Приятно подниматься на второй этаж дома, дотрагиваясь до резных деревянных перил, ощущая себе в другом столетии. <a href=http://www.abey.ru/directions/interery/>эксклюзивные деревянные изделия</a> Если вы хотите иметь в собственном доме оригинальные шкафы из дерева в стиле XIX века, оригинальные кровати с резными быльцами, сделанные по вашему желанию, большой деревянный стол, за которым так приятно собираться всей семьей, тогда мы ожидаем ваших заказов, чтобы исполнить все ваши пожелания. Мы – это компания «Абей», делающая ваш дом стильным, комфортным, красивым, роскошным, деревянным. <a href=http://www.abey.ru/rasprodazha/>брус 100 100 бук</a> Кроме лестниц и обстановки нам под силу сауны и бани, а также изысканную деревянную отделку всего вашего жилья, в том числе и уникальный интерьер бильярдных помещений и кабинетов. Уйти от пластика и ненатуральных материалов, вернуться к жизни, дыша глубоко и спокойно в своем собственном доме – что может быть лучше! Тем более деревянная мебель в интерьере – это еще и стильно, и красиво выглядит. <a href=http://www.abey.ru/>мебельные изделия из дерева на заказ</a> Все ваши идеи мы претворим в процессе работы, но также можем предоставить готовые дизайнерские идеи интерьера и мебели, саун и эксклюзивных лестниц. e543fa3dc580c80813a679629dd0d0adbbe03ff5 521 33 2014-10-11T11:46:17Z Yann 1 Blanked the page wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 405 526 2014-12-05T10:34:53Z Alex 2 FNR logo wikitext text/x-wiki FNR logo 618520b6b77e2ee345eaec599f4db9624c497a9e 6 406 529 2014-12-05T10:42:34Z Alex 2 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 407 534 2014-12-05T11:14:41Z Alex 2 Created page with "=== Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechber..." wikitext text/x-wiki === Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechberger]] *[[Damian Vizar]] *[[Dmitry Khovratovich]] *[[Eik List]] *[[Elena Andreeva]] *[[Eli Biham]] *[[Farzaneh Abed]] *[[Florian Mendel]] *[[François-Xavier Standaert]] *[[Frederik Armknecht]] *[[Gaetan Leurent]] *[[Gildas Avoine]] *[[Gilles Van Assche]] *[[Gregor Leander]] *[[Guido Bertoni]] *[[Henri Gilbert]] *[[Itai Dinur]] *[[Jean-Philippe Aumasson]] *[[Kaisa Nyberg]] *[[Kan Yasuda]] *[[Kasumaru Aoki]] *[[Leo Perrin]] *[[Maria Naya-Plasencia]] *[[Michael Peeters]] *[[Orr Dunkelman]] *[[Petr Susil]] *[[Reza Reyhanitabar]] *[[Steve Babbage]] *[[Tetsu Iwata]] *[[Thomas Peyrin]] *[[Vesselin Velichkov]] *[[Willi Meier]] *[[Yu Sasaki]] *[[Alex Biryukov]] *[[Joan Daemen]] *[[Stefan Lucks]] *[[Serge Vaudenay]] 2fe966c2522c00e12676aaa22375e2a051944491 0 408 535 2014-12-05T11:16:39Z Alex 2 Created page with "==== Contact ==== If you need any help, please contact: Fabienne SCHMITZ <fabienne.schmitz@uni.lu> Secretariat Computer Science and Communications Research Unit Univers..." wikitext text/x-wiki ==== Contact ==== If you need any help, please contact: Fabienne SCHMITZ <fabienne.schmitz@uni.lu> Secretariat Computer Science and Communications Research Unit University of Luxembourg T. +352 46 66 44 5766 F. +352 46 66 44 5620 976691600f96a21aaa3a56dbb5efdc1285be8e40 0 409 536 2014-12-05T11:20:01Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 0 410 537 2014-12-05T11:21:16Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 0 411 538 2014-12-05T11:21:28Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 562 538 2014-12-28T11:29:43Z Joan 3 wikitext text/x-wiki Anne Canteaut: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks Abstract: In this work, we investigate the effect of affine transformations of the Sbox on the maximal expected differential probability and linear potential over two rounds of a substitution-permutation network, when the diffusion layer is linear over the finite field defined by the Sbox alphabet. One of our aims is to understand why the MEDP and MELP of the AES both increase when the AES Sbox is replaced by the inversion in GF{2^8}. Most notably, we will show that this phenomenon is related to the fact that the inversion is an involution. 6bbc10f825cdf55f1248da5a6e0fdd3ba7daba46 0 412 539 2014-12-05T11:21:40Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 0 413 540 2014-12-05T11:22:02Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 575 540 2015-01-07T09:39:41Z Joan 3 wikitext text/x-wiki Title: Spectral characterization of uniformity loss and application to Keccak, revisited Abstract: We study threshold sharing schemes against DPA and investigate in what way the failure to meet the uniformity condition may jeopardize the immunity against first-order DPA. For this we introduce a treatment of discrete distributions and vector Boolean mappings in the spectral domain using correlation matrices. We identify the characteristic properties of discrete distributions and mappings that are important in the macroscopic analysis: the total imbalance and imbalance contribution. We show that the total imbalance of the result of applying an iterated mapping to an input is the sum of the imbalance of that input plus the sum of the imbalances of the rounds of the iterated mappings. In the microscopic analysis we make use of (reduced) correlation matrices and imbalance vectors that are inherent in lossy mappings. We apply our theory on non-uniform sharing and use the one for Keccak as a test bench for our techniques. In particular, we propose an new generic trick to address non-uniformity and show that its application makes any remaining imbalances unexploitable. f64c808d86dc2049eedc1a0abf928cc271faee93 0 414 541 2014-12-05T11:22:15Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 0 415 542 2014-12-05T11:22:26Z Alex 2 Created page with "TBA" wikitext text/x-wiki TBA ae50ce81c0ab15346851715818b855eed68b0618 0 416 543 2014-12-05T11:25:58Z Alex 2 Created page with "== '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1:''' 9:00-10:20 [[TBA]]: TBA [[TBA]]: TBA 10:20-10:50..." wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1:''' 9:00-10:20 [[TBA]]: TBA [[TBA]]: TBA 10:20-10:50 ''Break'' '''Session 2:''' 10:50-12:10 [[TBA]]: TBA [[TBA]]: TBA 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[TBA]]: TBA [[TBA]]: TBA [[TBA]]: TBA 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[TBA]]: TBA [[TBA]]: TBA 19:00 - 21:00 ''Dinner'' == '''15-January 2013 2nd day of the seminar''' == ..... 8ce5e166193809e28c6e14f98d532d37b52a6c07 544 543 2014-12-05T11:27:04Z Alex 2 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1:''' 9:00-10:20 [[TBA]]: TBA [[TBA]]: TBA 10:20-10:50 ''Break'' '''Session 2:''' 10:50-12:10 [[TBA]]: TBA [[TBA]]: TBA 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[TBA]]: TBA [[TBA]]: TBA [[TBA]]: TBA 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[TBA]]: TBA [[TBA]]: TBA 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == .... == '''14-January 2015 2nd day of the seminar''' == .... == '''15-January 2015 2nd day of the seminar''' == .... == '''16-January 2015 2nd day of the seminar''' == .... 72b71992dc605b1d5f7a6db043472aeda176a5d1 545 544 2014-12-05T11:27:46Z Alex 2 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1:''' 9:00-10:20 [[TBA]]: TBA [[TBA]]: TBA 10:20-10:50 ''Break'' '''Session 2:''' 10:50-12:10 [[TBA]]: TBA [[TBA]]: TBA 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[TBA]]: TBA [[TBA]]: TBA [[TBA]]: TBA 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[TBA]]: TBA [[TBA]]: TBA 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == .... == '''14-January 2015 3rd day of the seminar''' == .... == '''15-January 2015 4th day of the seminar''' == .... == '''16-January 2015 5th day of the seminar''' == .... a4750790a7538948d520be35bc1f370792335b55 553 545 2014-12-26T08:15:51Z Joan 3 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements, part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements, part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Kaisa Nyberg]]: No subject yet [[Christian Rechberger]]: About new cipher design 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:20 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14-January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15-January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''15-January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 431c545448c41b7610b26e2579de28278dc74202 554 553 2014-12-26T08:16:42Z Joan 3 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements, part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements, part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14-January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15-January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''15-January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 429034ea3f64f027f47f6c4ab0aa920ebde78413 555 554 2014-12-28T11:22:16Z Joan 3 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements, part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements, part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14-January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15-January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''15-January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' f3e96109a60a22c6a3ed2653e7e71f19c116c48c 563 555 2014-12-31T16:36:42Z Joan 3 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements, part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements, part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14-January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15-January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''15-January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 903a8c312e7b2c55af594dbb5008115c73811ede 564 563 2015-01-02T13:41:57Z Joan 3 wikitext text/x-wiki == '''12-January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13-January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14-January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15-January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16-January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 953e52d704571b3849e26ef86465a216513c8d40 565 564 2015-01-02T13:42:35Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security, part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security, part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 08373024559b7b5871a9b95ac6396c9a21a6d868 566 565 2015-01-03T17:07:29Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 20403cdd0484c1f4f8515564df2c6d588f40cb9b 567 566 2015-01-04T14:17:33Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: No subject yet 17:10 - 17:40 ''Break'' [[Petr Susil]]: On algebraic attacks '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 253203422966f40c6db0f53ef118314c38bf67bd 568 567 2015-01-05T12:20:59Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[Maria Naya-Plasencia]]: On impossible differential attacks 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' f557528ec1e44bf103c5fde74ccba12728f39c94 573 568 2015-01-06T15:11:28Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Kaisa Nyberg]]: No subject yet [[Kazumaro Aoki]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 354ec0b77ba99c0bf517ef540f8f68994385aef8 576 573 2015-01-07T14:46:48Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: On modular keyed sponge security proofs [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 021075bdcb782e2814cd86d910d927d2f00c31f5 577 576 2015-01-08T17:47:09Z Joan 3 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' b6d230fdd0c3b1b99c6242cf59b0d5775b0d66c0 579 577 2015-01-09T09:19:07Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 0cb4c0f363185103e72d7e129b20b7793adb368f 580 579 2015-01-09T10:56:03Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 1fae1cc6e8e76f07a2752b2845ce93da029600ff 581 580 2015-01-09T16:49:32Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: On white-box cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 622efd673f1a11a712e18f40119bb2020aaf2824 582 581 2015-01-10T18:02:08Z Joan 3 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Kaisa Nyberg]]: No subject yet [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 465fe6269d736e247d0c0f836761f804270bfabd 584 582 2015-01-10T18:07:20Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks [[Kaisa Nyberg]]: No subject yet 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:30 - 17:00. Arrive back at the hotel at 17:40 18:00 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 765dd954ed876304d8501a6532cfafbee7037e76 586 584 2015-01-12T08:38:17Z Alex 2 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function OR Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks [[Kaisa Nyberg]]: No subject yet 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' ecfd93b5b373b019a0d177995ef146c9e1667804 587 586 2015-01-12T08:42:33Z Joan 3 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Léo Paul Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks [[Kaisa Nyberg]]: No subject yet 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 9d8243c3c3a6be3b06f5a59053a09075b253fb0f 0 417 546 2014-12-08T14:41:55Z Yann 1 Created page with "List of participants: *Andrey Bogdanov" wikitext text/x-wiki List of participants: *Andrey Bogdanov b0584712f187806b06e574f41dfe39b2c3682b42 547 546 2014-12-08T14:48:14Z Yann 1 wikitext text/x-wiki List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux * Bart Preneel * Carlos Cid * Cécile Pierrot * Celine Blondeau * Cristian Rechberger * Damian Vizar * Dmitry Khovratovich * Eik List * Elena Andreeva * Eli Biham * Farzaneh Abed * Florian Mendel * François-Xavier Standaert * Frederik Armknecht * Gaetan Leurent * Gildas Avoine * Gilles Van Assche * Gregor Leander * Guido Bertoni * Henri Gilbert * Itai Dinur * Jean-Philippe Aumasson * Kaisa Nyberg * Kan Yasuda * [Kasumaru Aoki * Leo Perrin * Maria Naya-Plasencia * Michael Peeters * Orr Dunkelman * Petr Susil * Reza Reyhanitabar * Steve Babbage * Tetsu Iwata * Thomas Peyrin * Vesselin Velichkov * Willi Meier * Yu Sasaki * Alex Biryukov * Joan Daemen * Stefan Lucks * Serge Vaudenay 72c26a85301e222060880044a5d16e76b59c52f9 548 547 2014-12-08T14:49:07Z Yann 1 Replaced content with "List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux" wikitext text/x-wiki List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux bfa8c398a2069cbb7c6c8a68074fd95b644dc6d1 549 548 2014-12-08T14:49:23Z Yann 1 wikitext text/x-wiki List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux * Bart Preneel 485360d888028993ba78f806d9c272d56df55869 550 549 2014-12-08T14:49:43Z Yann 1 wikitext text/x-wiki List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux * Bart Preneel * Carlos Cid * Cécile Pierrot * Celine Blondeau * Cristian Rechberger * Damian Vizar * Dmitry Khovratovich * Eik List * Elena Andreeva * Eli Biham * Farzaneh Abed * Florian Mendel * François-Xavier Standaert * Frederik Armknecht * Gaetan Leurent * Gildas Avoine * Gilles Van Assche * Gregor Leander * Guido Bertoni * Henri Gilbert * Itai Dinur 8d5e1dee595d0734e5f59ff30900e5292c499e59 551 550 2014-12-08T14:50:00Z Yann 1 wikitext text/x-wiki List of participants: * Andrey Bogdanov * Anne Canteaut * Antoine Joux * Bart Preneel * Carlos Cid * Cécile Pierrot * Celine Blondeau * Cristian Rechberger * Damian Vizar * Dmitry Khovratovich * Eik List * Elena Andreeva * Eli Biham * Farzaneh Abed * Florian Mendel * François-Xavier Standaert * Frederik Armknecht * Gaetan Leurent * Gildas Avoine * Gilles Van Assche * Gregor Leander * Guido Bertoni * Henri Gilbert * Itai Dinur * Jean-Philippe Aumasson * Kaisa Nyberg * Kan Yasuda * Kasumaru Aoki * Leo Perrin * Maria Naya-Plasencia * Michael Peeters * Orr Dunkelman * Petr Susil * Reza Reyhanitabar * Steve Babbage * Tetsu Iwata * Thomas Peyrin * Vesselin Velichkov * Willi Meier * Yu Sasaki * Alex Biryukov * Joan Daemen * Stefan Lucks * Serge Vaudenay 51616453d5e77605572c3cebc02e252e3dfbb3a4 0 3 552 533 2014-12-26T08:14:45Z Joan 3 wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here is the [https://www.cryptolux.org/mediawiki-esc2015/index.php/Seminar_program seminar program] === Proceedings === There will be electronic proceedings like last time, with ISBN and open access license. === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by the [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|200px|FNR logo]] [[Image:LACS-logo.jpg‎|200px|LACS logo]] 0f2958993da860f8afed66e5426f4ad78d4a5c25 0 418 556 2014-12-28T11:23:27Z Joan 3 Created page with " Title: Fast correlation attacks over extension fields Joint work with Bin Zhang and Chao Xu Abstract: Existing fast correlation attacks can be efficient but are not partic..." wikitext text/x-wiki Title: Fast correlation attacks over extension fields Joint work with Bin Zhang and Chao Xu Abstract: Existing fast correlation attacks can be efficient but are not particularly suited for the analysis of more recent word oriented stream ciphers. It has been open for several years how to devise fast correlation attacks over extension fields to adapt to such analysis. The aim is to present the necessary steps to bridge this gap. A formal framework for fast correlation attacks over extension fields is constructed. Second, an efficient algorithm to compute large-unit distributions of a broad class of functions is proposed that allows to find better linear approximations than with algorithms for bitwise linear approximations. The methods are applied to the stream cipher SNOW 2.0 to give a fast correlation attack that improves over existing attacks by a factor of more than 2^40. 6b2ccdfb2f777bcaa2209b84802e115b56f5b140 0 419 557 2014-12-28T11:25:09Z Joan 3 Created page with "Title: Design and analysis of memory-hard functions Abstract: Practical attacks on password hashing/key derivation schemes and emergence of dedicated hardware rigs for crypt..." wikitext text/x-wiki Title: Design and analysis of memory-hard functions Abstract: Practical attacks on password hashing/key derivation schemes and emergence of dedicated hardware rigs for cryptocurrency mining motivated the following problem: "Design a fixed-input-length, preimage-resistant hash function such that it runs in fractions of seconds on modern desktops and servers, and the brute-force preimage search is not significantly cheaper on other architectures (GPUs, FPGAs, or even ASICs)." We explore the state-of-the-art of this problem, discuss various issues of performance optimization and the cost metric for the adversaries, show new types of attacks arising in this context, and investigate the existing and prospective solutions from the cryptographic point of view. From the attack point of view, we explore time-memory tradeoffs for memory-intensive password hashing schemes, which have been previously known in the framework of pebbling games on graphs. We outline several new cryptanalytic methods, which apply to two main classes of hashing schemes: those where memory access pattern is data-independent and those where it is data-dependent and is computed at runtime. From the design point of view, we show how to use the logic and memory organization of the x86 architecture to maximize adversary's costs. We also demonstrate how to use multi-threading and read-only memory in the optimal and secure way. 339c4d648ed8356e4c44df31a26ba00f3b55e3a0 0 420 558 2014-12-28T11:25:59Z Joan 3 Created page with "Title: Boosting OMD for Almost Free Authentication of Associated Data Abstract: We propose a new variant of OMD, called pure OMD (p-OMD), which inherits all desirable securit..." wikitext text/x-wiki Title: Boosting OMD for Almost Free Authentication of Associated Data Abstract: We propose a new variant of OMD, called pure OMD (p-OMD), which inherits all desirable security features of OMD while having a more compact structure, providing higher efficiency, and preserving authenticity against nonce-misusing attacks. The original OMD scheme, as submitted to the CAESAR competition, couples a single pass of a variant of the MD iteration with the counter-based XOR MAC algorithm to provide privacy and authenticity. Our improved p-OMD scheme dispenses with the XOR MAC algorithm and is “purely” based on the MD iteration. To process a message of $\ell$ blocks and associated data of $a$ blocks, OMD needs $\ell+a+2$ calls to the compression function while p-OMD only requires $\max\left\{\ell, a\right\}+2$ calls. Therefore, for a typical case where $\ell \geq a$, p-OMD makes just $\ell+2$ calls to the compression function; that is, associated data is processed almost freely compared to OMD. We prove the security of p-OMD under the same standard assumption (pseudo-randomness of the compression function) as made in OMD; moreover, the security bound for p-OMD is the same as that of OMD, showing that the modifications made to boost the performance are without any loss of security. Furthermore, p-OMD has a (partial) level of misuse-resistance to nonce reuse that is lacked in OMD; namely, under nonce reuse p-OMD can still provide authenticity (albeit up to a degraded bound) but OMD cannot. 3b7e1abde843a2e86127198fc7bb8920167c1faa 0 421 559 2014-12-28T11:26:40Z Joan 3 Created page with "Farzaneh Abed: Overview of the CAESAR Candidates for Authenticated Encryption Abstract: The ongoing CAESAR competition aims at finding authenticated encryption schemes that o..." wikitext text/x-wiki Farzaneh Abed: Overview of the CAESAR Candidates for Authenticated Encryption Abstract: The ongoing CAESAR competition aims at finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. At the moment, 50 remaining first-round submissions go through an intensive review, analysis and comparison process. While the cryptographic community benefits greatly from the manifold different submission designs, their pure number implies a challenging amount of study. As part of a remedy, we provide an easy-to-grasp overview over functional aspects, security parameters, and robustness offerings of the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated). d4e1b03fb846b475c2ff2b7f62315dee884312bc 0 422 560 2014-12-28T11:27:36Z Joan 3 Created page with "Title: Time-memory Trade-off Applied to Non-uniform Distributions Abstract: Cryptanalytic time-memory trade-offs (TMTO) were introduced by Hellman in 1980 in order to perform..." wikitext text/x-wiki Title: Time-memory Trade-off Applied to Non-uniform Distributions Abstract: Cryptanalytic time-memory trade-offs (TMTO) were introduced by Hellman in 1980 in order to perform key-recovery attacks on cryptosystems. A major advance was presented at Crypto 2003 by Oechslin, with the rainbow tables that outperform Hellman's seminal work. After introducing the cryptanalytic time-memory trade-offs, we will present in this talk a technique to improve the efficiency of TMTOs when considering non-uniform distributions, e.g. to crack non-uniformly distributed passwords. c4c346272c1ade44808aaab1099bc1c69a40df4b 0 423 561 2014-12-28T11:28:22Z Joan 3 Created page with "Title: On Lightweight Stream Ciphers with Shorter Internal States Abstract: To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb ..." wikitext text/x-wiki Title: On Lightweight Stream Ciphers with Shorter Internal States Abstract: To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area and power consuming components, this implies a sever limitation with respect to possible lightweight implementations. In this talk, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher which uses significantly less area than comparable existing lightweight stream ciphers. 1b1ad46593edec54e221a20f8e922a50086c2a9d 0 424 569 2015-01-05T12:21:57Z Joan 3 Created page with "IV-FV Authenticated Encryption and Triplet-Robust Decryption Abstract We study the nonce-based authenticated encryption where the sender does not transmit the initializatio..." wikitext text/x-wiki IV-FV Authenticated Encryption and Triplet-Robust Decryption Abstract We study the nonce-based authenticated encryption where the sender does not transmit the initialization vector $\IV$ (the nonce) but instead transmits the corresponding finalization vector $\FV$ in a communication channel, possibly along with associated data~$A$, tag $T$ and ciphertext~$C$. Here, $\FV$ should not be merely ``enciphered $\IV$\,'' but be properly generated from~$\IV$, $A$ and plaintext~$M$. A receiver then (hopefully) checks the integrity of quadruplet $(\FV,A,T,C)$ and (hopefully with successful verification) recovers the plaintext $M$ by decrypting $(\FV,A,T,C)$. This paper presents a generic method named tag feedback, which converts a conventional nonce-based scheme to an IV-FV one with just a single invocation of a tweakable block cipher. The tag feedback substantially improves the robustness of the scheme: now the resulting IV-FV scheme remains secure even if the decryption algorithm is compelled to release unverified plaintext~$M$, as long as the accompanying triplet $(\FV,A,T)$ is new. 810f31a5922cdb375a9afdb06d4ec4156d5a860a 570 569 2015-01-05T12:24:13Z Joan 3 wikitext text/x-wiki IV-FV Authenticated Encryption and Triplet-Robust Decryption Abstract We study the nonce-based authenticated encryption where the sender does not transmit the initialization vector IV (the nonce) but instead transmits the corresponding finalization vector FV in a communication channel, possibly along with associated data A, tag T and ciphertext C. Here, FV should not be merely ``enciphered IV,'' but be properly generated from IV, A and plaintext M. A receiver then (hopefully) checks the integrity of quadruplet (FV,A,T,C) and (hopefully with successful verification) recovers the plaintext M by decrypting (FV,A,T,C). This paper presents a generic method named tag feedback, which converts a conventional nonce-based scheme to an IV-FV one with just a single invocation of a tweakable block cipher. The tag feedback substantially improves the robustness of the scheme: now the resulting IV-FV scheme remains secure even if the decryption algorithm is compelled to release unverified plaintext M, as long as the accompanying triplet (FV,A,T) is new. 02a483498588d618f74e2650599a0173fd85b052 571 570 2015-01-05T12:25:02Z Joan 3 wikitext text/x-wiki Title: IV-FV Authenticated Encryption and Triplet-Robust Decryption Abstract: We study the nonce-based authenticated encryption where the sender does not transmit the initialization vector IV (the nonce) but instead transmits the corresponding finalization vector FV in a communication channel, possibly along with associated data A, tag T and ciphertext C. Here, FV should not be merely ``enciphered IV,'' but be properly generated from IV, A and plaintext M. A receiver then (hopefully) checks the integrity of quadruplet (FV,A,T,C) and (hopefully with successful verification) recovers the plaintext M by decrypting (FV,A,T,C). This paper presents a generic method named tag feedback, which converts a conventional nonce-based scheme to an IV-FV one with just a single invocation of a tweakable block cipher. The tag feedback substantially improves the robustness of the scheme: now the resulting IV-FV scheme remains secure even if the decryption algorithm is compelled to release unverified plaintext M, as long as the accompanying triplet (FV,A,T) is new. 9029e934621d0c664a17533a4b417ccb9370f66d 0 407 572 534 2015-01-06T08:10:11Z Alex 2 wikitext text/x-wiki === Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechberger]] *[[Damian Vizar]] *[[Dmitry Khovratovich]] *[[Eik List]] *[[Elena Andreeva]] *[[Farzaneh Abed]] *[[Florian Mendel]] *[[François-Xavier Standaert]] *[[Frederik Armknecht]] *[[Gaetan Leurent]] *[[Gildas Avoine]] *[[Gilles Van Assche]] *[[Gregor Leander]] *[[Guido Bertoni]] *[[Henri Gilbert]] *[[Itai Dinur]] *[[Jean-Philippe Aumasson]] *[[Kaisa Nyberg]] *[[Kan Yasuda]] *[[Kasumaru Aoki]] *[[Leo Perrin]] *[[Maria Naya-Plasencia]] *[[Michael Peeters]] *[[Petr Susil]] *[[Peter Ryan]] *[[Reza Reyhanitabar]] *[[Tetsu Iwata]] *[[Thomas Peyrin]] *[[Vesselin Velichkov]] *[[Willi Meier]] *[[Yu Sasaki]] *[[Alex Biryukov]] *[[Joan Daemen]] *[[Stefan Lucks]] *[[Serge Vaudenay]] 9f2bdaec0381ce961cbe7f39a3890abedb98024c 0 425 574 2015-01-06T15:12:11Z Joan 3 Created page with "Title: ''not available'' Abstract: The design criteria and/or the structure of an S-Box may be secret, for instance in the case of a white-box implementation. In this talk, w..." wikitext text/x-wiki Title: ''not available'' Abstract: The design criteria and/or the structure of an S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. 16f8684a722b1ecfc73433b1e85d16909b2a9b97 0 426 578 2015-01-08T17:47:47Z Joan 3 Created page with "Title: Generic security of the keyed sponge Abstract: Sponge functions can be used in keyed modes, for various applications such as authentication and (authenticated) encrypt..." wikitext text/x-wiki Title: Generic security of the keyed sponge Abstract: Sponge functions can be used in keyed modes, for various applications such as authentication and (authenticated) encryption. In this talk, we focus on the generic security of the sponge construction in such modes. We define the outer and inner keyed sponges and bound the probability that they can be distinguished from a random oracle. We speak about the multiplicity and show how to use it to get tight security bounds. Finally, we discuss multi-target scenarios with many independent keys. b85b273b6fcb7e8a9a6ee9d8854853ba3d8dd1c4 0 427 583 2015-01-10T18:03:36Z Joan 3 Created page with "Title: Challenges in White-Box Cryptography The talk will cover basic aspects of white-box cryptography from an industry perspective and will conclude with a few questions to..." wikitext text/x-wiki Title: Challenges in White-Box Cryptography The talk will cover basic aspects of white-box cryptography from an industry perspective and will conclude with a few questions to raise interest in the cryptography community. 1a2855127f04580cc8dbe9b4bd8d87797fa83bb9 0 428 585 2015-01-10T18:08:12Z Joan 3 Created page with "Title: RIV: Decryption-Misuse-Resistant SIV Abstract: In 2006, Rogaway and Shrimpton introduced the well-known deterministic AE scheme SIV, primarily to encrypt high-entropy ..." wikitext text/x-wiki Title: RIV: Decryption-Misuse-Resistant SIV Abstract: In 2006, Rogaway and Shrimpton introduced the well-known deterministic AE scheme SIV, primarily to encrypt high-entropy plaintexts such as cryptographic keys. In the light of misuse-resistance, Fleischmann et al. showed at FSE'2012 that SIV's privacy breaks if an adversary gets access to would-be plaintexts. As a countermeasure, we introduce a decryption-misuse resistant version of SIV, called Robust IV or RIV. 0ad8d806afd49b207496aa48a88f7c256f6889db 2 435 594 2015-01-12T10:10:13Z Yann 1 Created page with "Hi, everybody! <br>I'm Danish male :). <br>I really love RC cars!<br><br>Look into my blog post :: [http://goldenboy.me/members/lucieboothmanc/activity/343738/ Bikinis]" wikitext text/x-wiki Hi, everybody! <br>I'm Danish male :). <br>I really love RC cars!<br><br>Look into my blog post :: [http://goldenboy.me/members/lucieboothmanc/activity/343738/ Bikinis] a10bb86150841797f28dc8c9269743f477afbd1e 629 594 2015-01-12T13:51:24Z Yann 1 Yann moved page [[User:AbigailCrowe]] to [[User:Yann]]: Automatically moved page while merging the user "[[User:AbigailCrowe|AbigailCrowe]]" to "[[User:Yann|Yann]]" wikitext text/x-wiki Hi, everybody! <br>I'm Danish male :). <br>I really love RC cars!<br><br>Look into my blog post :: [http://goldenboy.me/members/lucieboothmanc/activity/343738/ Bikinis] a10bb86150841797f28dc8c9269743f477afbd1e 675 629 2015-01-14T08:54:08Z Yann 1 Blanked the page wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 468 627 2015-01-12T13:40:57Z 83.99.17.42 0 Created page with "Title: On reverse-engineering S-boxes with hidden design criteria or structure Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in th..." wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. bf63f413ce3a35ca2d337070b935f4b6c3fc02ab 654 627 2015-01-13T08:49:20Z Guest 4 wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. [https://www.cryptolux.org/index.php/ESC_2015_Challenge Link to the reverse-engineering challenge] 7aa8b9bd1d38ebad3ff888089bf364091aff0b2f 660 654 2015-01-13T13:21:50Z Yann 1 wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. [https://www.cryptolux.org/index.php/ESC_2015_Challenge Link to the reverse-engineering challenge] Slides: [[File:Lpe-reverse-engineer.pdf]] cabcd6b70866a2ab007aa3ea41ec7301db4cebd5 661 660 2015-01-13T13:24:54Z Yann 1 wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. [https://www.cryptolux.org/index.php/ESC_2015_Challenge Link to the reverse-engineering challenge] Slides: [[Media:Lpe-reverse-engineer.pdf]] 875bc9822f5c1e8689cda308b13079ffa3d32a14 0 416 628 587 2015-01-12T13:44:52Z 83.99.17.42 0 Modified "Léo Paul Perrin" into "Leo Perrin" to have the correct link to the abstract. wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: No subject yet''' 15:10 - 17:10 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption 17:10 - 17:40 ''Break'' '''Session 4: Cryptanalysis''' 17:40 - 19:00 [[Maria Naya-Plasencia]]: On impossible differential attacks [[Petr Susil]]: On algebraic attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1:''' 9:00-10:00 [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks [[Kaisa Nyberg]]: No subject yet 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[François-Xavier Standaert]]: No subject yet [[Kazumaro Aoki]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 2b1351be18a507f62a3e27404a28dd9f21e70709 631 628 2015-01-12T13:54:49Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption''' 14:10 - 17:10 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 29933dbd7ae8452b8d0c9a675acb4ac5713fa37e 632 631 2015-01-12T13:56:21Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:10-10:40 ''Break'' '''Session 2: Cipher design''' 10:40-12:20 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' e42246ebde901b9890f3fa56bf396f2e417e8690 633 632 2015-01-12T13:57:31Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 7b11a11fae1521b2da9225199cdbf435bc2b55e6 634 633 2015-01-12T14:00:33Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' ab2a2ddcb1522596c4eb642afe98458dac7f2b85 635 634 2015-01-12T14:03:00Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 0564717163de1e6bf05a3bae66d90478dd28381a 636 635 2015-01-12T14:05:23Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair: Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 51ca3a80d302543221c15ec9852de6d8bed0301b 637 636 2015-01-12T14:08:41Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Bart Preneel)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2:''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 03d08d3f80bf9ac796ccf288c8339e72ad82f362 638 637 2015-01-12T14:09:56Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Bart Preneel)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' b42243ed451850fafd05adea6adf6d35d1221b42 639 638 2015-01-12T14:13:43Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Bart Preneel)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Anne Canteaut)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 51ba5c15c0b49f47624f767720c85dd3bf2ca1df 640 639 2015-01-12T14:14:28Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Bart Preneel)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Anne Canteaut)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 6285d2c34279f271bca2901cd041393c08380b97 641 640 2015-01-12T14:41:23Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 18:20 [[Rump session]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 50b983aa3b408d026a47ca4b083c9bd9b32faa97 642 641 2015-01-12T15:00:43Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:10 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: No subject yet 10:10-10:40 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:40-12:10 [[Tetsu Iwata]]: On authenticated encryption [[Kazumaro Aoki]]: No subject yet 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Bart Preneel]]: Post-Snowden crypto 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 2e9df14fd39f5009936f6e74ba8f8d36ba5722de 650 642 2015-01-12T21:19:18Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: No subject yet [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Carlos Cid]]: No subject yet [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: No subject yet 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 878e8f5f32fa57ccfe561c60c68e8cbb215cc340 651 650 2015-01-13T08:08:55Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Carlos Cid]]: No subject yet [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: No subject yet 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 94a13698c9b78da4628556d7e10edeffc9581ba7 652 651 2015-01-13T08:10:42Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Carlos Cid]]: No subject yet [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 19faface68ec10cc9487b341fa60f79c15a90dda 658 652 2015-01-13T13:15:34Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2:''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: No subject yet 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' f90afec9b6969b0816c33093502b7e3192dcac6d 662 658 2015-01-13T14:23:48Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 7cf1bb34e0268439352c122e48c70cefcb814dda 663 662 2015-01-13T14:24:59Z Alex 2 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge Reverse-engineering challenge] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 3b2fda6583a412d061495a3279bfd61341d667da 664 663 2015-01-13T14:25:25Z Alex 2 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3:''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 7d9b320185ae1c121044b0f2710a592832cae0f0 665 664 2015-01-13T14:26:17Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1:''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 9bca4f08dc8a6ca6818378098fffeaa48436531b 666 665 2015-01-13T14:27:24Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4:''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 0b33a38506499bd3fcc3db027ade684afcc0e141 667 666 2015-01-13T14:30:00Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 670ce9ea4b04e6ba024ee95c1ac8bee7d889baa4 670 667 2015-01-13T18:05:32Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will to the Vianden Castle. Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 51098fe1efcd97899ed12278e2143a2bc2f2c73f 671 670 2015-01-13T23:10:02Z Alex 2 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: No subject yet [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' a50b584bd432914c4640dc2993241a1745a8202d 672 671 2015-01-14T05:47:33Z Joan 3 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 4f99d5b737d5f71da6210003790e981a8706abc0 673 672 2015-01-14T08:14:51Z Joan 3 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? [[Preliminary list of speakers]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 9e083dca51032740501e14800b056bbfad1afff4 0 470 643 2015-01-12T15:13:17Z Guest 4 Created page with " == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logarithm Algorithms in Small Characteristic Finite Fields. == '''Abstract :''' Publi..." wikitext text/x-wiki == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logarithm Algorithms in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate in practice all discrete logarithms computations in this small characteristic configuration. aa4abff078f8ec71c4d1b3ea159aa3f145e5fa5a 644 643 2015-01-12T15:20:49Z Guest 4 /* Title : Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logarithm Algorithms in Small Characteristic Finite Fields. */ wikitext text/x-wiki == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logarithm Algorithms in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. 9ed18564808a1c103c074d3adda2290860ffa839 645 644 2015-01-12T15:21:49Z Guest 4 wikitext text/x-wiki == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. f01ca3923fe62a064ef95395388b0d894e90f551 646 645 2015-01-12T15:22:38Z Guest 4 /* Title : Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. */ wikitext text/x-wiki == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h.'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. 8305fcd2fa9cda9c105f1017b5b8100db87a4f14 647 646 2015-01-12T15:22:55Z Guest 4 /* Title : Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. */ wikitext text/x-wiki == '''Title :''' Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h.'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. 7a9a8c1ceea10c2641170826d1b31c703671f434 648 647 2015-01-12T15:29:23Z Guest 4 /* Title : Let's play with Discrete Logarithm ! Simplified Settings for Discrete Logs in Small Characteristic Finite Fields. */ wikitext text/x-wiki == '''Title :''' Simplified Settings for Discrete Logarithm in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h.'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simply :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. 8efe6524396ff0c655011c4aa7b95cc14675c319 649 648 2015-01-12T15:31:40Z Guest 4 /* Title : Simplified Settings for Discrete Logarithm in Small Characteristic Finite Fields. */ wikitext text/x-wiki == '''Title :''' Simplified Settings for Discrete Logarithm in Small Characteristic Finite Fields. == '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h.'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simple :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. c7439eb1148bb7fab04cf2c11ca1214d03737ef9 0 407 653 572 2015-01-13T08:12:13Z Joan 3 /* Participants */ wikitext text/x-wiki === Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechberger]] *[[Damian Vizar]] *[[Dmitry Khovratovich]] *[[Eik List]] *[[Elena Andreeva]] *[[Farzaneh Abed]] *[[Florian Mendel]] *[[François-Xavier Standaert]] *[[Frederik Armknecht]] *[[Gaetan Leurent]] *[[Gildas Avoine]] *[[Gilles Van Assche]] *[[Gregor Leander]] *[[Guido Bertoni]] *[[Henri Gilbert]] *[[Itai Dinur]] *[[Jean-Philippe Aumasson]] *[[Kaisa Nyberg]] *[[Kan Yasuda]] *[[Kazumaro Aoki]] *[[Leo Perrin]] *[[Maria Naya-Plasencia]] *[[Michael Peeters]] *[[Petr Susil]] *[[Peter Ryan]] *[[Reza Reyhanitabar]] *[[Tetsu Iwata]] *[[Thomas Peyrin]] *[[Vesselin Velichkov]] *[[Willi Meier]] *[[Yu Sasaki]] *[[Alex Biryukov]] *[[Joan Daemen]] *[[Stefan Lucks]] *[[Serge Vaudenay]] 17a44f6f7fb5b67d50ee7b61c302fa1e4b64f8f0 0 471 655 2015-01-13T08:54:16Z Guest 4 Created page with "In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering di..." wikitext text/x-wiki In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering distinct known plaintexts, we can improve the complexity of multiple zero-correlation attacks. Some open questions related to the relation between differential and linear attacks are also discussed. b36c573f3a2853e24282707e0ff63a776f6bae85 657 655 2015-01-13T08:56:54Z Guest 4 wikitext text/x-wiki Céline Blondeau: Remarks on the data complexity of some statistical attacks In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering distinct known plaintexts, we can improve the complexity of multiple zero-correlation attacks. Some open questions related to the relation between differential and linear attacks are also discussed. 97d0c506c147903934dfdb0e43b5a192d649a175 0 472 656 2015-01-13T08:55:39Z Guest 4 Created page with "Céline Blondeau: Remarks on the data complexity of some statistical attacks In this talk, we present some experimental results on multidimensional zero-correlation linear at..." wikitext text/x-wiki Céline Blondeau: Remarks on the data complexity of some statistical attacks In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering distinct known plaintexts, we can improve the complexity of multiple zero-correlation attacks. Some open questions related to the relation between differential and linear attacks are also discussed. 97d0c506c147903934dfdb0e43b5a192d649a175 6 473 659 2015-01-13T13:21:03Z Yann 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 474 668 2015-01-13T16:55:52Z Guest 4 Created page with "Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis o..." wikitext text/x-wiki Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 2a2de65038d0f61e5ef4cb23537795899064e18d 669 668 2015-01-13T17:04:28Z Guest 4 wikitext text/x-wiki ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 5fe636c987877b35bd63706f35cc1169424fae53 0 475 674 2015-01-14T08:16:43Z Joan 3 Created page with "Willi Meier Yu Sasaki Gregor Leander Henri Gilbert Damien Vizar Yu Sasaki again Christian Rechberger Leo Perrin" wikitext text/x-wiki Willi Meier Yu Sasaki Gregor Leander Henri Gilbert Damien Vizar Yu Sasaki again Christian Rechberger Leo Perrin 2850c1fc5a03b1d8e6b1f5f3b4be492ac77b46e3 676 674 2015-01-14T09:52:21Z Guest 4 wikitext text/x-wiki Willi Meier Yu Sasaki Gregor Leander Henri Gilbert Damian Vizar Yu Sasaki again Christian Rechberger Leo Perrin Thomas Peyrin Gaetan Leurent e1484e1fd1118615182d6b747e5e4aefebf4da98 0 416 677 673 2015-01-14T09:57:20Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of some statistical attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? [[Preliminary list of speakers]]. Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 2358304cd69d67803043b4e32b15505adf8f4ba7 678 677 2015-01-14T10:12:04Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? [[Preliminary list of speakers]]. Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' b7fd9915b3de4f95cd3b913d925329d011348883 684 678 2015-01-14T13:15:52Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 832b2eadd0063b59aa5b49989362ed2599643a5e 691 684 2015-01-14T21:49:38Z Alex 2 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Paranoia or not? (Chair Serge Vaudenay)''' 9:00-10:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Bart Preneel]]: Post-Snowden crypto 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Tetsu Iwata]]: On authenticated encryption 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' f4e2590dd8f2f613439bee7901f948b0af36006e 695 691 2015-01-15T07:48:57Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Authenticated encryption (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1:''' 9:00-10:25 [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[Thomas Peyrin]]: Cryptanalysis of JAMBU 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 67cb089d5c78e2618e8f5da645938ef2c6b03cdc 697 695 2015-01-15T07:50:36Z Joan 3 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Crypanalysis''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 53f62af2523445cba77520d80418393842890e02 698 697 2015-01-15T07:50:59Z Joan 3 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Crypanalysis''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2:''' 10:50-12:20 ''Closing ESC2015'' 12:30-14:00 ''Lunch'' bcc0ba07254d43360616e770028d4a400ad6ed27 699 698 2015-01-15T07:52:44Z Joan 3 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: more on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 3e4b274020395cb038cc2b8a1b0df79e096a80ee 700 699 2015-01-15T07:53:34Z Joan 3 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 624aa33c3186508ceba5ed1e3d0f78038a6792d9 704 700 2015-01-15T09:59:22Z Guest 4 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 66dbdbf19c6e50c106c0124dac4739de685e16e8 708 704 2015-01-15T10:04:39Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides on ShiftRows]]] [[media:Simon_esc2015.pdf|[slides on SIMON]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' ab327106acb3f07f52cd2ca5291e08efb544dc9e 709 708 2015-01-15T10:05:20Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' d57dff6ee194740b0ba76c05ab9a63eaec714f28 711 709 2015-01-15T10:07:15Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 115d673163167be75362ba1950ba09c53c34043f 713 711 2015-01-15T10:09:54Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' cd136179453667eac04a817c2bacc7c98ef73eaa 716 713 2015-01-15T10:11:17Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 7e0a088ada76ae0157ed04e03f5fd9b6a312ca0f 719 716 2015-01-15T10:13:57Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' b986fc423625ccbd2e9f63d5c2b0146c869b07d4 723 719 2015-01-15T10:16:13Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 4a503b15a6a72cd30f321b48f748ac1b0dc4b0da 725 723 2015-01-15T10:23:32Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 279365ea5b0a2b72e0379de9b315a1fb2cc7f75c 0 471 679 657 2015-01-14T10:13:22Z Guest 4 wikitext text/x-wiki Céline Blondeau: Remarks on the data complexity of zero-correlation linear attacks In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering distinct known plaintexts, we can improve the complexity of multiple zero-correlation attacks. 0428ac8d00f88143d2decaaa45d7cea3e7992aca 0 475 680 676 2015-01-14T13:04:06Z Guest 4 wikitext text/x-wiki Willi Meier Yu Sasaki Gregor Leander Henri Gilbert Damian Vizar Christian Rechberger Leo Perrin Thomas Peyrin Gaetan Leurent Farzaneh Abed 8d68591f78f4139eacbe565021a25f3bfdc303bc 681 680 2015-01-14T13:09:31Z Guest 4 wikitext text/x-wiki {| |Willi Meier ||Higher order differentials in NORX |- |Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |Gregor Leander ||Decomposing ASASA |- |Henri Gilbert ||on padding oracle attacks |- |Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |Christian Rechberger ||TBC |- |Leo Perrin ||TBC |- |Thomas Peyrin ||TBC |- |Gaetan Leurent ||TBC |- |Farzaneh Abed ||TBC |} 846db7c47c4e0821b9fe07dc75fa6503f2da6e46 682 681 2015-01-14T13:12:42Z Guest 4 Guest moved page [[Preliminary list of speakers]] to [[Rump session]]: Better title wikitext text/x-wiki {| |Willi Meier ||Higher order differentials in NORX |- |Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |Gregor Leander ||Decomposing ASASA |- |Henri Gilbert ||on padding oracle attacks |- |Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |Christian Rechberger ||TBC |- |Leo Perrin ||TBC |- |Thomas Peyrin ||TBC |- |Gaetan Leurent ||TBC |- |Farzaneh Abed ||TBC |} 846db7c47c4e0821b9fe07dc75fa6503f2da6e46 685 682 2015-01-14T13:23:56Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable |18h20||6 min||Willi Meier ||Higher order differentials in NORX |- |18h26||5 min||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |18h31||3 min||Gregor Leander ||Decomposing ASASA |- |18h36||5 min||Henri Gilbert ||on padding oracle attacks |- |18h42||6 min||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |18h47||5 min||Christian Rechberger ||TBC |- |18h52||5 min||Leo Perrin ||TBC |- |18h54||2 min||Thomas Peyrin ||TBC |- |18h59||5 min||Gaetan Leurent ||TBC |- |19h00||1 min||Farzaneh Abed ||TBC |} 8873913dea63d68a04544a80d74753688baab5fa 686 685 2015-01-14T13:50:42Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title |- |18h20||6||Willi Meier ||Higher order differentials in NORX |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |18h31||3||Gregor Leander ||Decomposing ASASA |- |18h34||5||Henri Gilbert ||on padding oracle attacks |- |18h39||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |18h45||5||Christian Rechberger ||TBC |- |18h50||5||Leo Perrin ||TBC |- |18h52||2||Thomas Peyrin ||TBC |- |18h57||5||Gaetan Leurent ||TBC |- |19h02||1||Farzaneh Abed ||TBC |- |19h03 |colspan=3|''the end'' |} 19d7bb5cfe98e63d7ea0bc1c8cebcb9115103c49 687 686 2015-01-14T14:04:12Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |18h31||3||Gregor Leander ||Decomposing ASASA |- |18h34||5||Henri Gilbert ||On Padding Oracle Attacks |- |18h39||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |18h45||5||Christian Rechberger ||TBC |- |18h50||5||Leo Perrin ||TBC |- |18h52||2||Thomas Peyrin ||TBC |- |18h57||5||Gaetan Leurent ||TBC |- |19h02||1||Farzaneh Abed ||TBC |- |19h03 |colspan=3|''the end'' |} ba274fadecf90dabf323373ef9c4a446b5e3fe82 689 687 2015-01-14T16:49:57Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |18h31||3||Gregor Leander ||Decomposing ASASA |- |18h34||6||Henri Gilbert ||On Padding Oracle Attacks |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |18h46||5||Christian Rechberger ||TBC |- |18h51||5||Leo Perrin ||TBC |- |18h53||2||Thomas Peyrin ||TBC |- |18h58||5||Gaetan Leurent ||TBC |- |19h03||1||Farzaneh Abed ||TBC |- |19h04 |colspan=3|''the end'' |} 168ddf020528dec1ed62c45fd2ae718eee8e5911 690 689 2015-01-14T16:50:46Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption |- |18h31||3||Gregor Leander ||Decomposing ASASA |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |- |18h46||5||Christian Rechberger ||TBC |- |18h51||5||Leo Perrin ||TBC |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |- |19h04 |colspan=3|''the end'' |} fa7008d1304231cff432162e2792096d48282e40 0 476 683 2015-01-14T13:12:42Z Guest 4 Guest moved page [[Preliminary list of speakers]] to [[Rump session]]: Better title wikitext text/x-wiki #REDIRECT [[Rump session]] f987e9bf978837708bdcae9692f93c1dd444118d 0 477 688 2015-01-14T16:48:02Z Guest 4 Created page with "Title: On Improving the Data Complexity of Attacks on RC5 Joint work with Alex Biryukov Abstract: TBA" wikitext text/x-wiki Title: On Improving the Data Complexity of Attacks on RC5 Joint work with Alex Biryukov Abstract: TBA e7c1b0576e29b37354d214e4ba3044c1af9e854e 0 407 692 653 2015-01-14T21:56:37Z Alex 2 wikitext text/x-wiki === Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechberger]] *[[Damian Vizar]] *[[Dmitry Khovratovich]] *[[Eik List]] *[[Elena Andreeva]] *[[Farzaneh Abed]] *[[Florian Mendel]] *[[François-Xavier Standaert]] *[[Frederik Armknecht]] *[[Gaetan Leurent]] *[[Gildas Avoine]] *[[Gilles Van Assche]] *[[Gregor Leander]] *[[Henri Gilbert]] *[[Itai Dinur]] *[[Kaisa Nyberg]] *[[Kan Yasuda]] *[[Kazumaro Aoki]] *[[Leo Perrin]] *[[Maria Naya-Plasencia]] *[[Michael Peeters]] *[[Petr Susil]] *[[Peter Ryan]] *[[Reza Reyhanitabar]] *[[Tetsu Iwata]] *[[Thomas Peyrin]] *[[Vesselin Velichkov]] *[[Willi Meier]] *[[Yu Sasaki]] *[[Alex Biryukov]] *[[Joan Daemen]] *[[Stefan Lucks]] *[[Serge Vaudenay]] 6fe8ce70c86634793103135788190139082cfded 0 478 693 2015-01-15T07:48:29Z Guest 4 Created page with "Title: Observations on Proest and Minalpher Abstract: This talk consists of two talks. The first part considers some property, and analyzes Proest and Minalpher sboxes. The..." wikitext text/x-wiki Title: Observations on Proest and Minalpher Abstract: This talk consists of two talks. The first part considers some property, and analyzes Proest and Minalpher sboxes. The second part considers the implementation of the underlying primitive of Proest and Minalpher. Comments on Sandy/Ivy Bridge and Haswell/Broadwell are given. a4651828523877e2617c971a4792937a885bb084 694 693 2015-01-15T07:48:51Z Guest 4 wikitext text/x-wiki Title: Observations on Proest and Minalpher Abstract: This talk consists of two talks. The first part considers some property on sbox, and analyzes Proest and Minalpher sboxes. The second part considers the implementation of the underlying primitive of Proest and Minalpher. Comments on Sandy/Ivy Bridge and Haswell/Broadwell are given. 4971596b34234442c28433ebb0990609d558e60c 0 479 696 2015-01-15T07:49:51Z Guest 4 Created page with "See the contents from list of participants page." wikitext text/x-wiki See the contents from list of participants page. 80499340d69620aea6dc25f5718c5d2f5725e731 6 480 701 2015-01-15T08:06:13Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 468 702 661 2015-01-15T09:58:19Z Guest 4 wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure [[Media:Lpe-reverse-engineer.pdf|slides]] Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. [https://www.cryptolux.org/index.php/ESC_2015_Challenge Link to the reverse-engineering challenge] a841600cb8930d150f4e5f13d5f7a9fbe6640e47 703 702 2015-01-15T09:58:41Z Guest 4 wikitext text/x-wiki Title: On reverse-engineering S-boxes with hidden design criteria or structure [[Media:Lpe-reverse-engineer.pdf|[slides]]] Abstract: The design criteria and/or the structure of a S-Box may be secret, for instance in the case of a white-box implementation. In this talk, we discuss different methods which can be used to reverse-engineer the hidden structure of a S-Box or to at least discard with high probability that it was chosen uniformly at random. As an example, we study the S-Box of Skipjack. [https://www.cryptolux.org/index.php/ESC_2015_Challenge Link to the reverse-engineering challenge] aeacac34b7f35126f708b3643a68923330d4dbd9 6 481 705 2015-01-15T10:01:18Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 482 706 2015-01-15T10:03:08Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 483 707 2015-01-15T10:04:09Z Guest 4 Created page with "title: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides on ShiftRows]]..." wikitext text/x-wiki title: Some insights in the Simon round function AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides on ShiftRows]]] [[media:Simon_esc2015.pdf|[slides on SIMON]]] e80ff0f1968401f95a46f8dd856b9c001f76efc1 0 418 710 556 2015-01-15T10:06:58Z Guest 4 wikitext text/x-wiki Title: Fast correlation attacks over extension fields [[media:Large-unit.pdf|[slides]]] Joint work with Bin Zhang and Chao Xu Abstract: Existing fast correlation attacks can be efficient but are not particularly suited for the analysis of more recent word oriented stream ciphers. It has been open for several years how to devise fast correlation attacks over extension fields to adapt to such analysis. The aim is to present the necessary steps to bridge this gap. A formal framework for fast correlation attacks over extension fields is constructed. Second, an efficient algorithm to compute large-unit distributions of a broad class of functions is proposed that allows to find better linear approximations than with algorithms for bitwise linear approximations. The methods are applied to the stream cipher SNOW 2.0 to give a fast correlation attack that improves over existing attacks by a factor of more than 2^40. dc98c01bbc7607cd914bf82cb46012cc4955094f 6 484 712 2015-01-15T10:09:04Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 413 714 575 2015-01-15T10:10:09Z Guest 4 wikitext text/x-wiki Title: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] Abstract: We study threshold sharing schemes against DPA and investigate in what way the failure to meet the uniformity condition may jeopardize the immunity against first-order DPA. For this we introduce a treatment of discrete distributions and vector Boolean mappings in the spectral domain using correlation matrices. We identify the characteristic properties of discrete distributions and mappings that are important in the macroscopic analysis: the total imbalance and imbalance contribution. We show that the total imbalance of the result of applying an iterated mapping to an input is the sum of the imbalance of that input plus the sum of the imbalances of the rounds of the iterated mappings. In the microscopic analysis we make use of (reduced) correlation matrices and imbalance vectors that are inherent in lossy mappings. We apply our theory on non-uniform sharing and use the one for Keccak as a test bench for our techniques. In particular, we propose an new generic trick to address non-uniformity and show that its application makes any remaining imbalances unexploitable. cbb01a632911a4eaec3b5c8fe1c09b36457add65 6 485 715 2015-01-15T10:10:26Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 486 717 2015-01-15T10:11:28Z Guest 4 Created page with "title: Post-Snowden crypto [[media:Pdf.pdf|[slides]]]" wikitext text/x-wiki title: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] 9c2d31963a37dc2cfd1a35d6ab9e10363d2a7bbb 6 487 718 2015-01-15T10:13:03Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 426 720 578 2015-01-15T10:14:08Z Guest 4 wikitext text/x-wiki Title: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] Abstract: Sponge functions can be used in keyed modes, for various applications such as authentication and (authenticated) encryption. In this talk, we focus on the generic security of the sponge construction in such modes. We define the outer and inner keyed sponges and bound the probability that they can be distinguished from a random oracle. We speak about the multiplicity and show how to use it to get tight security bounds. Finally, we discuss multi-target scenarios with many independent keys. 73b01c77c1e56f3db9bdb387814b4d15c37ff586 6 488 721 2015-01-15T10:15:28Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 489 722 2015-01-15T10:15:44Z Guest 4 Created page with "title: On impossible differential attacks [[media:ESC15.pdf|[slides]]]" wikitext text/x-wiki title: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 73126e5caacbbd8cd313e179480578fab5a547db 6 490 724 2015-01-15T10:22:27Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 420 726 558 2015-01-15T10:23:41Z Guest 4 wikitext text/x-wiki Title: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] Abstract: We propose a new variant of OMD, called pure OMD (p-OMD), which inherits all desirable security features of OMD while having a more compact structure, providing higher efficiency, and preserving authenticity against nonce-misusing attacks. The original OMD scheme, as submitted to the CAESAR competition, couples a single pass of a variant of the MD iteration with the counter-based XOR MAC algorithm to provide privacy and authenticity. Our improved p-OMD scheme dispenses with the XOR MAC algorithm and is “purely” based on the MD iteration. To process a message of $\ell$ blocks and associated data of $a$ blocks, OMD needs $\ell+a+2$ calls to the compression function while p-OMD only requires $\max\left\{\ell, a\right\}+2$ calls. Therefore, for a typical case where $\ell \geq a$, p-OMD makes just $\ell+2$ calls to the compression function; that is, associated data is processed almost freely compared to OMD. We prove the security of p-OMD under the same standard assumption (pseudo-randomness of the compression function) as made in OMD; moreover, the security bound for p-OMD is the same as that of OMD, showing that the modifications made to boost the performance are without any loss of security. Furthermore, p-OMD has a (partial) level of misuse-resistance to nonce reuse that is lacked in OMD; namely, under nonce reuse p-OMD can still provide authenticity (albeit up to a degraded bound) but OMD cannot. a5a82976768acf3908ca550baffde7f41d0707ce 0 410 727 537 2015-01-15T11:28:06Z Guest 4 wikitext text/x-wiki This talk deals with the security of symmetric-key algorithms under Trojans. It was motivated by the recent revelations of Snowden about NSA's mass surveillance practices. We study the security of AES in the presence of a patronizing Trojan: We let a part of the state leak in each encryption/decryption. We apply state-of-the-art symmetric-key cryptanalyic techniques to evaluate the residual key-recovery security. We consider a wide spectrum of settings which range from Trojans with less control all the way to the more powerful adversaries with deeper knowledge of the execution environment. Rather surprisingly, we observe that the practical security of AES under those Trojans can be considerable, especially if countermeasures are in place. Joint work with Takanori Isobe. Contact: Andrey Bogdanov <anbog@dtu.dk> 510fdf9998ac8cd3eb369b21d023a3a7d1a8231d 774 727 2015-01-15T16:00:30Z Guest 4 wikitext text/x-wiki title: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] Abstract: This talk deals with the security of symmetric-key algorithms under Trojans. It was motivated by the recent revelations of Snowden about NSA's mass surveillance practices. We study the security of AES in the presence of a patronizing Trojan: We let a part of the state leak in each encryption/decryption. We apply state-of-the-art symmetric-key cryptanalyic techniques to evaluate the residual key-recovery security. We consider a wide spectrum of settings which range from Trojans with less control all the way to the more powerful adversaries with deeper knowledge of the execution environment. Rather surprisingly, we observe that the practical security of AES under those Trojans can be considerable, especially if countermeasures are in place. Joint work with Takanori Isobe. Contact: Andrey Bogdanov <anbog@dtu.dk> 442b9c03683f5560b9cd0f6df6aa3873e69c208f 6 491 728 2015-01-15T11:29:09Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 475 729 690 2015-01-15T11:33:32Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:Rump willi.pdf|Slides]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:Rump gregor.pdf|Slides]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:Rump damian.pdf|Slides]] |- |18h46||5||Christian Rechberger ||TBC |[[media:Rump christian.pdf|Slides]] |- |18h51||5||Leo Perrin ||TBC |[[media:Rump leo.pdf|Slides]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:Rump thomas.pdf|Slides]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:Rump gaetan.pdf|Slides]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:Rump feri.pdf|Slides]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:Rump mip.pdf|Slides]] |- |19h06 |colspan=3|''the end'' |} 0a7f9d8916457b2311b8036e993e92622e9ebf95 738 729 2015-01-15T11:38:40Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:rump_willi.pdf|Slides]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:rump_gregor.pdf|Slides]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:rump_damian.pdf|Slides]] |- |18h46||5||Christian Rechberger ||TBC |[[media:rump_christian.pdf|Slides]] |- |18h51||5||Leo Perrin ||TBC |[[media:rump_leo.pdf|Slides]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:rump_thomas.pdf|Slides]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:rump_gaetan.pdf|Slides]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:rump_feri.pdf|Slides]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:rump_mip.pdf|Slides]] |- |19h06 |colspan=3|''the end'' |} eedce9fa3291b9fce0739cc29dd16d4ade255f8b 739 738 2015-01-15T11:41:08Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:rump_willi.pdf|Slides]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:rump_gregor.pdf|Slides]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:rump_damian.pdf|Slides]] |- |18h46||5||Christian Rechberger ||Update on the 10000 Euro PRINCE cipher-breaking challenge |[[media:rump_christian.pdf|Slides]] |- |18h51||5||Leo Perrin ||Stu� Available on Cryptolux.org |[[media:rump_leo.pdf|Slides]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:rump_thomas.pdf|Slides]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:rump_gaetan.pdf|Slides]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:rump_feri.pdf|Slides]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:rump_mip.pdf|Slides]] |- |19h06 |colspan=3|''the end'' |} 1c33ad65d849376d996fe35ff165bf127e9ec435 740 739 2015-01-15T11:43:00Z Guest 4 wikitext text/x-wiki '''Please send your slides at <code>michael -DOT- peeters _AT_ noekeon -DOT- org</code> before 18:00.''' Here the (DRAFT) rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:rump_willi.pdf|Slides]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:rump_gregor.pdf|Slides]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:rump_damian.pdf|Slides]] |- |18h46||5||Christian Rechberger ||Update on the 10000 Euro PRINCE cipher-breaking challenge |[[media:rump_christian.pdf|Slides]] |- |18h51||5||Leo Perrin ||Stuff Available on Cryptolux.org |[[media:rump_leo.pdf|Slides]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:rump_thomas.pdf|Slides]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:rump_gaetan.pdf|Slides]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:rump_feri.pdf|Slides]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:rump_mip.pdf|Slides]] |- |19h06 |colspan=3|''the end'' |} 1411fd42780e909fc8a95be49b7804469cb5fe18 741 740 2015-01-15T11:43:23Z Guest 4 wikitext text/x-wiki Here the rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:rump_willi.pdf|Slides]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:rump_gregor.pdf|Slides]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:rump_damian.pdf|Slides]] |- |18h46||5||Christian Rechberger ||Update on the 10000 Euro PRINCE cipher-breaking challenge |[[media:rump_christian.pdf|Slides]] |- |18h51||5||Leo Perrin ||Stuff Available on Cryptolux.org |[[media:rump_leo.pdf|Slides]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:rump_thomas.pdf|Slides]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:rump_gaetan.pdf|Slides]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:rump_feri.pdf|Slides]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:rump_mip.pdf|Slides]] |- |19h06 |colspan=3|''the end'' |} 4d40f6e478c9a5363cafde611b8706ff801833c6 6 492 730 2015-01-15T11:34:30Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 493 731 2015-01-15T11:34:54Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 494 732 2015-01-15T11:35:14Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 495 733 2015-01-15T11:35:32Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 496 734 2015-01-15T11:36:32Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 497 735 2015-01-15T11:36:48Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 498 736 2015-01-15T11:37:12Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 499 737 2015-01-15T11:37:31Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 500 742 2015-01-15T12:50:37Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 428 743 585 2015-01-15T12:51:24Z Guest 4 wikitext text/x-wiki Title: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] Abstract: In 2006, Rogaway and Shrimpton introduced the well-known deterministic AE scheme SIV, primarily to encrypt high-entropy plaintexts such as cryptographic keys. In the light of misuse-resistance, Fleischmann et al. showed at FSE'2012 that SIV's privacy breaks if an adversary gets access to would-be plaintexts. As a countermeasure, we introduce a decryption-misuse resistant version of SIV, called Robust IV or RIV. fbf5a53461d208a2718ffa40da18a58993055046 0 416 744 725 2015-01-15T12:51:56Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' c25f9c71d75e313ae0493da4a0322bfec55d0042 746 744 2015-01-15T13:47:56Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On authenticated encryption 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 34baf7605fbef510d48430b1248981ac00973b78 751 746 2015-01-15T13:55:28Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 5258c6b7b4c930b517b5f6a2696e2b62a834121c 753 751 2015-01-15T14:00:31Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 20259ab7b2b98e9a4a6ec926763768babe3dd019 755 753 2015-01-15T15:22:23Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] [[CAESAR_Discussion_(2015-01-13)|[Summary of the discussion]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 1934dcd881ded4358c3ef3143246f1bc36ed3e85 758 755 2015-01-15T15:24:34Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] [[CAESAR_Discussion_(2015-01-13)|[Summary of the discussion]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' edff55f234fdd83944e48615d306605c60938ec8 761 758 2015-01-15T15:27:09Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] [[CAESAR_Discussion_(2015-01-13)|[Summary of the discussion]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 763b6c8f9c4246e3459a4686f09da7bd13930fe2 762 761 2015-01-15T15:27:25Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] [[CAESAR_Discussion_(2015-01-13)|[Summary of the discussion]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' c527edf99c979c4d24a999379029f75849072259 763 762 2015-01-15T15:32:08Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 5c92d754d573fa0b3281fb2b6b40f8cbd3e4c34a 766 763 2015-01-15T15:40:28Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: On provable security aspects of authenticated encryption 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' d1c7c46e0e400368e8864075af9b6d6e26bd930b 769 766 2015-01-15T15:43:36Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' d8ede68a9e13b572d33ea32839e0e18be9a90d95 773 769 2015-01-15T16:00:11Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' a5d8cc969d6c78445a1caf6fd68524245423b1d9 775 773 2015-01-15T16:43:34Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' ef89a5d13fdb7db86b08b5242c282dd61b1bd34e 6 501 745 2015-01-15T13:47:22Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 423 747 561 2015-01-15T13:48:08Z Guest 4 wikitext text/x-wiki Title: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] Abstract: To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area and power consuming components, this implies a sever limitation with respect to possible lightweight implementations. In this talk, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher which uses significantly less area than comparable existing lightweight stream ciphers. e826c7f53cc418d4ae9d8cb495ea4d5dad634a2d 6 502 748 2015-01-15T13:52:59Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 503 749 2015-01-15T13:53:24Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 504 750 2015-01-15T13:54:59Z Guest 4 Created page with "title: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]]" wikitext text/x-wiki title: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 56e960800089066f7531592de60b9297dc70762f 6 505 752 2015-01-15T13:58:52Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 506 754 2015-01-15T15:21:30Z Guest 4 Created page with "Stefan Lucks summarized the results of the discussion about CAESAR held at ESC 2015 in a mail reproduced below. <pre> Hi all, here are the results from our discussion. I did..." wikitext text/x-wiki Stefan Lucks summarized the results of the discussion about CAESAR held at ESC 2015 in a mail reproduced below. <pre> Hi all, here are the results from our discussion. I did sort them into "Checklist items" for CAESAR candidates and potential "Work items" for the Commitee. Please mail me if you think I forgot something, or I made a mistake! So long Stefan Checklist for CAESAR candidates: 1. Robustness a) online, nonce misuse b) offline, nonce misuse c) online, decryption misuse d) offline, decryption misuse 2. Beyond-birthday security (i.e., >> 2^64 texts) 3. Good Performance without AES-NI 4. Equally good performance in Hardware and in Software 5. Secure, Fast 6. One winner to rule them all, or winners for different profiles 7. Parallelizability 8. "If you lieak the key in the case of (nonce) misuse, then throw the system out of the window." (A.J.) 9. Good performance, combined with resistance to side-channel attacks 10. Diversity (based on different primitives) 11. Key-independent running time (in contrast, e.g., to natural implementations of GCM) 12. a) For offline-ciphers: 1-pass or multipass b) For Online-ciphers: fixed memory, fixed latency Work-Items for the PC: A) Need to investigate which desirable properties are mutually exclusive B) Define/revisit notions for robustnes C) Explore the tradeoff between robustness and efficiency </pre> 15dea086a14333cded4212cb68568eb38ea6d6df 6 507 756 2015-01-15T15:23:39Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 508 757 2015-01-15T15:24:15Z Guest 4 Created page with "title: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]]" wikitext text/x-wiki title: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] fcb478cb8cda43bb956c842a091b8a3a354e3b79 6 509 759 2015-01-15T15:26:18Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 411 760 562 2015-01-15T15:26:44Z Guest 4 wikitext text/x-wiki title: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] Abstract: In this work, we investigate the effect of affine transformations of the Sbox on the maximal expected differential probability and linear potential over two rounds of a substitution-permutation network, when the diffusion layer is linear over the finite field defined by the Sbox alphabet. One of our aims is to understand why the MEDP and MELP of the AES both increase when the AES Sbox is replaced by the inversion in GF{2^8}. Most notably, we will show that this phenomenon is related to the fact that the inversion is an involution. bdcbd83eda462a97cd477a29eddd854703391010 6 510 764 2015-01-15T15:39:40Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 419 765 557 2015-01-15T15:40:02Z Guest 4 wikitext text/x-wiki Title: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] Abstract: Practical attacks on password hashing/key derivation schemes and emergence of dedicated hardware rigs for cryptocurrency mining motivated the following problem: "Design a fixed-input-length, preimage-resistant hash function such that it runs in fractions of seconds on modern desktops and servers, and the brute-force preimage search is not significantly cheaper on other architectures (GPUs, FPGAs, or even ASICs)." We explore the state-of-the-art of this problem, discuss various issues of performance optimization and the cost metric for the adversaries, show new types of attacks arising in this context, and investigate the existing and prospective solutions from the cryptographic point of view. From the attack point of view, we explore time-memory tradeoffs for memory-intensive password hashing schemes, which have been previously known in the framework of pebbling games on graphs. We outline several new cryptanalytic methods, which apply to two main classes of hashing schemes: those where memory access pattern is data-independent and those where it is data-dependent and is computed at runtime. From the design point of view, we show how to use the logic and memory organization of the x86 architecture to maximize adversary's costs. We also demonstrate how to use multi-threading and read-only memory in the optimal and secure way. 801e551df920edf4e17d9510527d927058f996c5 6 511 767 2015-01-15T15:42:22Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 512 768 2015-01-15T15:42:54Z Guest 4 Created page with "title: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]]" wikitext text/x-wiki title: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 709e5d909da8286ca2e2a9b80020747227202ae3 0 513 770 2015-01-15T15:45:59Z Guest 4 Created page with "Title: On Chaskey [[Media:slides-chaskey.pdf|[slides]]]" wikitext text/x-wiki Title: On Chaskey [[Media:slides-chaskey.pdf|[slides]]] bd43bd90361ea7dd97d76335ae365e75c50a2237 6 514 771 2015-01-15T15:46:25Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 515 772 2015-01-15T15:58:47Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 516 776 2015-01-15T17:02:01Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 416 777 775 2015-01-15T17:02:28Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-? See the [[Rump session]] program. 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' fac7c446cc67c6767810e0d0d8ee74fa5689ab2f 778 777 2015-01-15T17:03:55Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 3ecbe7a41014b5baa90d5bdbb1c7c8d5aed3daba 782 778 2015-01-15T17:34:58Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 10:50-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 3d2995810e0b41bc5ded33afb5389e01f90076de 783 782 2015-01-15T17:54:24Z Joan 3 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]] On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' c9095b7df0d220a44f8fedda9df025ce116ffdfb 785 783 2015-01-15T20:44:30Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' ed8a8ed6d22fe1800fab6af5bfa5c011c9756f00 789 785 2015-01-16T08:08:00Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 1ee5e31eb8770c7a0979bd9f20efd6d458ba5f3e 792 789 2015-01-16T08:10:38Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 3f925d9d0ee34f10c9523c20eed9d2fea8d2e361 795 792 2015-01-16T08:13:29Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:30-14:00 ''Lunch'' 8159e06cc44a54b52bc0e75c254ba537fb7e003c 796 795 2015-01-16T09:07:44Z Alex 2 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 473149ee9003f794f0c212f7abd9e3cdc610d1c0 797 796 2015-01-16T09:09:46Z Alex 2 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the S-box decomposition challenge ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 6e9d64aa1eba572a1382de621f49574428afd1b0 798 797 2015-01-16T09:50:06Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Slides_ESC_2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the S-box decomposition challenge ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 9dcda6ffe71f38e1050e4d943b1a51a5d9000dc2 802 798 2015-01-16T09:52:10Z Guest 4 /* 15 January 2015 4th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Slides_ESC_2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the S-box decomposition challenge ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 7bb767a91cb085cfd34fc90c5e160c49004bd90b 804 802 2015-01-16T10:28:17Z Alex 2 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Slides_ESC_2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the S-box decomposition challenge goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' f9a3779481eb742a3fb9b30300173ac010a0132a 805 804 2015-01-16T10:31:21Z Alex 2 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Slides_ESC_2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 081122a603b689681181b3b993678647cf01448e 808 805 2015-01-16T10:34:48Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 902254fc719d769f6eacad3092293983f2d2410a 813 808 2015-01-17T13:34:33Z Guest 4 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 3ce6c7b019af4d88673883aaf2e7000763a15edb 817 813 2015-01-19T08:43:36Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR? Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' ae9d418f1412f3acfd262732c4ef41a53f56425b 822 817 2015-01-21T09:34:50Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) ''Closing ESC2015'' 12:00-14:00 ''Lunch'' 1b475b70d53f50e4e883a1b0137704b3737d4db0 823 822 2015-01-21T09:35:43Z Guest 4 /* 16 January 2015 5th day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] ''Closing ESC2015'' Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) 12:00-14:00 ''Lunch'' 21e136a802df0fc24fd25e4c55a66469f5762549 0 475 779 741 2015-01-15T17:04:46Z Guest 4 wikitext text/x-wiki Here the rump session program: {| class=wikitable !Start !! # min !! Author !! Title !! Slides |- |18h20||6||Willi Meier ||Higher Order Differentials in NORX |[[media:rump_willi.pdf|[slides]]] |- |18h26||5||Yu Sasaki ||How to Incorporate Associated Data in Sponge-Based Authenticated Encryption | |- |18h31||3||Gregor Leander ||Decomposing ASASA |[[media:rump_gregor.pdf|[slides]]] |- |18h34||6||Henri Gilbert ||Format Oracles in OpenPGP | |- |18h40||6||Damian Vizar ||Boosting Keyak for Almost Free Authentication of Associated Data |[[media:rump_damian.pdf|[slides]]] |- |18h46||5||Christian Rechberger ||Update on the 10000 Euro PRINCE cipher-breaking challenge |[[media:rump_christian.pdf|[slides]]] |- |18h51||5||Leo Perrin ||Stuff Available on Cryptolux.org |[[media:rump_leo.pdf|[slides]]] |- |18h53||2||Thomas Peyrin ||DIAC 2015 & ASK 2015 in Singapore |[[media:rump_thomas.pdf|[slides]]] |- |18h58||5||Gaetan Leurent ||Cryptanalysis of Marble |[[media:rump_gaetan.pdf|[slides]]] |- |19h03||1||Farzaneh Abed ||On Cryptographer Alignment |[[media:rump_feri.pdf|[slides]]] |- |19h04||2||Michael Peeters ||Quotes from NSA’s Cryptolog |[[media:rump_mip.pdf|[slides]]] |- |19h06 |colspan=3|''the end'' |} 1400c5ad9ec99128a7d881c9dc13842c6fb09e5b 6 517 780 2015-01-15T17:34:11Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 424 781 571 2015-01-15T17:34:39Z Guest 4 wikitext text/x-wiki Title: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Abstract: We study the nonce-based authenticated encryption where the sender does not transmit the initialization vector IV (the nonce) but instead transmits the corresponding finalization vector FV in a communication channel, possibly along with associated data A, tag T and ciphertext C. Here, FV should not be merely ``enciphered IV,'' but be properly generated from IV, A and plaintext M. A receiver then (hopefully) checks the integrity of quadruplet (FV,A,T,C) and (hopefully with successful verification) recovers the plaintext M by decrypting (FV,A,T,C). This paper presents a generic method named tag feedback, which converts a conventional nonce-based scheme to an IV-FV one with just a single invocation of a tweakable block cipher. The tag feedback substantially improves the robustness of the scheme: now the resulting IV-FV scheme remains secure even if the decryption algorithm is compelled to release unverified plaintext M, as long as the accompanying triplet (FV,A,T) is new. cf411bd4bdcde30e55c72f7d8b60d5d2bf4517c1 0 477 784 688 2015-01-15T20:43:43Z Guest 4 wikitext text/x-wiki '''Title:''' On Improving the Data Complexity of Attacks on RC5 Joint work with Alex Biryukov '''Abstract:''' We propose new techniques for improving the average data complexity of the best attacks on RC5. The main contribution is an improved filtration procedure for a more efficient detection of good pairs from noise. It is an extended variant of the filtration algorithm proposed by Biryukov et al. and applied in the best attack on the cipher to date. With the new technique we decrease the data complexity of the attacks on $\mathrm{RC5}$ reduced to $8$ and $10$ rounds by a factor of $2^{2.7}$ and $2^{1.35}$ respectively and we provide an estimation for the full cipher. c061d337a23b3db6ebc1296d8c0b5491d7b23e29 786 784 2015-01-15T22:53:35Z Guest 4 wikitext text/x-wiki '''Title:''' On Improving the Data Complexity of Attacks on RC5 Joint work with Alex Biryukov '''Abstract:''' We propose new techniques for improving the average data complexity of the best attacks on RC5 by about a factor of $4$. The main contribution is an improved filtration procedure for a more efficient detection of good pairs from noise. It is an extended variant of the filtration algorithm proposed by Biryukov et al. and applied in the best attack on the cipher to date. With the new technique we decrease the data complexity of the attacks on $\mathrm{RC5}$ reduced to $8$ and $10$ rounds by a factor of $2^{2.7}$ and $2^{1.35}$ respectively and we provide an estimation for the full cipher. 6624d9402b3997fe9210a33fd014011d8afde099 799 786 2015-01-16T09:50:19Z Guest 4 wikitext text/x-wiki '''Title:''' On Improving the Data Complexity of Attacks on RC5 [[media:Slides_ESC_2015.pdf|[slides]]] Joint work with Alex Biryukov '''Abstract:''' We propose new techniques for improving the average data complexity of the best attacks on RC5 by about a factor of $4$. The main contribution is an improved filtration procedure for a more efficient detection of good pairs from noise. It is an extended variant of the filtration algorithm proposed by Biryukov et al. and applied in the best attack on the cipher to date. With the new technique we decrease the data complexity of the attacks on $\mathrm{RC5}$ reduced to $8$ and $10$ rounds by a factor of $2^{2.7}$ and $2^{1.35}$ respectively and we provide an estimation for the full cipher. 0507e846d4231c5962b7ee91dd95841431d194e0 807 799 2015-01-16T10:34:11Z Guest 4 wikitext text/x-wiki '''Title:''' On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] Joint work with Alex Biryukov '''Abstract:''' We propose new techniques for improving the average data complexity of the best attacks on RC5 by about a factor of $4$. The main contribution is an improved filtration procedure for a more efficient detection of good pairs from noise. It is an extended variant of the filtration algorithm proposed by Biryukov et al. and applied in the best attack on the cipher to date. With the new technique we decrease the data complexity of the attacks on $\mathrm{RC5}$ reduced to $8$ and $10$ rounds by a factor of $2^{2.7}$ and $2^{1.35}$ respectively and we provide an estimation for the full cipher. 6823c7c18232e4b38b1fd703dd5939854404f171 6 518 787 2015-01-16T08:06:45Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 470 788 649 2015-01-16T08:07:36Z Guest 4 wikitext text/x-wiki == '''Title :''' Simplified Settings for Discrete Logarithm in Small Characteristic Finite Fields. == [[media:Pierrot_Discrete_logs.pdf|[slides]]] '''Abstract :''' Public key cryptography (please, don't blame me) is based on hard problems, such as the discrete logarithm problem (DLP). In this talk, I focus on the discrete logarithm problem in finite fields: ''Given F_(p^n) and a generator g of F_(p^n)*, we say that we solve the DLP in F_(p^n) if, for any arbitrary element h in F_(p^n)*, we are able to recover an integer x such that: g^x = h.'' When the characteristic p is small compared to the extension degree n, the best complexity that can be achieved is quasipolynomial in log(p^n). I present here a simplified version of this quasipolynomial algorithm that have several advantages: 1/ I swear it is simple :) or at least I will do my best to make it understandable. 2/ Still, it does work. 3/ More seriously : together with additional ideas, simplifying the original settings permits to decrase the complexity of the phases that dominate, in practice, all discrete logarithms computations. 6e3e6891b4dcd31d14d298053b3813945279e2df 6 519 790 2015-01-16T08:09:36Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 520 791 2015-01-16T08:10:14Z Guest 4 Created page with "title: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]]" wikitext text/x-wiki title: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] fb85520e39906ee5b660111585c5ae83a28a7124 6 521 793 2015-01-16T08:12:48Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 522 794 2015-01-16T08:13:14Z Guest 4 Created page with "title: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]]" wikitext text/x-wiki title: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] 9ec325deaae880dfa342a77f8637d17dac46d89d 6 523 800 2015-01-16T09:51:14Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 478 801 694 2015-01-16T09:51:45Z Guest 4 wikitext text/x-wiki Title: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] Abstract: This talk consists of two talks. The first part considers some property on sbox, and analyzes Proest and Minalpher sboxes. The second part considers the implementation of the underlying primitive of Proest and Minalpher. Comments on Sandy/Ivy Bridge and Haswell/Broadwell are given. ba384764e3e71cbc8831cadbd1dbf25073c93b5c 0 407 803 692 2015-01-16T10:23:31Z Alex 2 wikitext text/x-wiki === Participants === *[[Andrey Bogdanov]] *[[Anne Canteaut]] *[[Antoine Joux]] *[[Bart Preneel]] *[[Carlos Cid]] *[[Cécile Pierrot]] *[[Celine Blondeau]] *[[Cristian Rechberger]] *[[Damian Vizar]] *[[Dmitry Khovratovich]] *[[Eik List]] *[[Elena Andreeva]] *[[Farzaneh Abed]] *[[Florian Mendel]] *[[François-Xavier Standaert]] *[[Frederik Armknecht]] *[[Gaetan Leurent]] *[[Gildas Avoine]] *[[Gilles Van Assche]] *[[Gregor Leander]] *[[Henri Gilbert]] *[[Itai Dinur]] *[[Kaisa Nyberg]] *[[Kan Yasuda]] *[[Kazumaro Aoki]] *[[Leo Perrin]] *[[Maria Naya-Plasencia]] *[[Michael Peeters]] *[[Petr Susil]] *[[Reza Reyhanitabar]] *[[Tetsu Iwata]] *[[Thomas Peyrin]] *[[Vesselin Velichkov]] *[[Willi Meier]] *[[Yu Sasaki]] *[[Alex Biryukov]] *[[Joan Daemen]] *[[Stefan Lucks]] *[[Serge Vaudenay]] 025fc17b48fffc5027d110e27b380e20bf961b19 6 524 806 2015-01-16T10:33:56Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 525 809 2015-01-17T13:26:27Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 824 809 2015-01-25T20:49:39Z Guest 4 Guest uploaded a new version of &quot;[[File:Nyberg.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 825 824 2015-01-25T20:51:28Z Guest 4 Guest uploaded a new version of &quot;[[File:Nyberg.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 826 825 2015-01-25T20:54:49Z Guest 4 Guest uploaded a new version of &quot;[[File:Nyberg.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 474 810 669 2015-01-17T13:32:20Z Guest 4 wikitext text/x-wiki [[File:Nyberg.pdf]] ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 4972b06e84e567d6b22ff71b0c5d0d6212b6c2af 811 810 2015-01-17T13:32:58Z Guest 4 wikitext text/x-wiki [[Slides:Nyberg.pdf]] ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. b9f2372331ca8af2d24a307df8fd8118a43225f0 812 811 2015-01-17T13:33:27Z Guest 4 wikitext text/x-wiki [[File:Nyberg.pdf]] ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 4972b06e84e567d6b22ff71b0c5d0d6212b6c2af 814 812 2015-01-17T13:35:32Z Guest 4 wikitext text/x-wiki [[media:Nyberg.pdf|[slides]]] ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 4800c74501651c122c2eec820bede7430df4ec06 6 526 815 2015-01-19T08:42:31Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 820 815 2015-01-20T10:02:37Z Guest 4 Guest uploaded a new version of &quot;[[File:Presentation.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 472 816 656 2015-01-19T08:43:23Z Guest 4 wikitext text/x-wiki title: Remarks on the data complexity of some statistical attacks [[media:Presentation.pdf|[slides]]] abstract: In this talk, we present some experimental results on multidimensional zero-correlation linear attacks and multiple zero-correlation linear attack. We show how, considering distinct known plaintexts, we can improve the complexity of multiple zero-correlation attacks. Some open questions related to the relation between differential and linear attacks are also discussed. 9dfdbbfa7bda6fd3415bcb0c21b36acfcd764559 0 527 818 2015-01-20T06:51:44Z Guest 4 Created page with "Research in symmetric cryptography in the last few years is mainly driven by dedicated high-profile open competitions such as NIST’s AES and SHA-3 selection procedures, ECRY..." wikitext text/x-wiki Research in symmetric cryptography in the last few years is mainly driven by dedicated high-profile open competitions such as NIST’s AES and SHA-3 selection procedures, ECRYPT’s eSTREAM project, or the ongoing CAESAR initiative. These focused competitions in symmetric cryptography are generally viewed as having provided a tremendous increase in the understanding and confidence in the security of these cryptographic primitives. However, the tremendous increase of submissions to such competitions reveal major problems related to analytical effort for the cryptographic community. To get a good view on the security margin of the various submissions automatic tools are needed to assist the cryptanalyst in his work. In this talk we present a framework that allows cryptanalysts to conduct an automated preliminary analysis on a potentially high number of authenticated encryption algorithms. The framework automatically parses the C-reference implementation, delivered in the submission to the CAESAR competition, into an abstract cipher representation. This representation can be combined with a tool specific adapter to transform the abstract cipher representation into the tool representation needed. This process works independent of the cipher given as input and can therefore be automatically applied to many different submissions. This saves the cryptanalyst time, which can be used to conduct dedicated analysis based on the preliminary results. The framework was demonstrated using three CAESAR submissions as an example. This is joint work with Christoph Hechenblaikner. 1930e3e78484a44fad14acda123b79f85d8a5125 819 818 2015-01-20T06:54:59Z Guest 4 wikitext text/x-wiki '''Title:''' Towards Automated Cryptanalysis of CAESAR Candidates '''Abstract:''' Research in symmetric cryptography in the last few years is mainly driven by dedicated high-profile open competitions such as NIST’s AES and SHA-3 selection procedures, ECRYPT’s eSTREAM project, or the ongoing CAESAR initiative. These focused competitions in symmetric cryptography are generally viewed as having provided a tremendous increase in the understanding and confidence in the security of these cryptographic primitives. However, the tremendous increase of submissions to such competitions reveal major problems related to analytical effort for the cryptographic community. To get a good view on the security margin of the various submissions automatic tools are needed to assist the cryptanalyst in his work. In this talk we present a framework that allows cryptanalysts to conduct an automated preliminary analysis on a potentially high number of authenticated encryption algorithms. The framework automatically parses the C-reference implementation, delivered in the submission to the CAESAR competition, into an abstract cipher representation. This representation can be combined with a tool specific adapter to transform the abstract cipher representation into the tool representation needed. This process works independent of the cipher given as input and can therefore be automatically applied to many different submissions. This saves the cryptanalyst time, which can be used to conduct dedicated analysis based on the preliminary results. The framework was demonstrated using three CAESAR submissions as an example. This is work in progress. This is joint work with '''Christoph Hechenblaikner'''. 2d918a38749fdcdeb3f30f8c42b952fcf8861530 6 528 821 2015-01-21T09:34:18Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 6 529 827 2015-01-25T21:01:22Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 416 828 823 2015-01-25T21:03:12Z Guest 4 wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg_rev.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] ''Closing ESC2015'' Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) 12:00-14:00 ''Lunch'' 0a60e07e088fc98f2d413245aaf88e5100832c95 832 828 2015-01-27T14:28:16Z Guest 4 /* 13 January 2015 2nd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[media:Tmto.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg_rev.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] ''Closing ESC2015'' Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) 12:00-14:00 ''Lunch'' 11c0334d7015e6327a2cd592c3295c3d730d0f99 835 832 2015-01-27T16:54:13Z Guest 4 /* 12 January 2015 1st day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[media:Caesar_classification.pdf|[slides]]] [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[media:Tmto.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg_rev.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] ''Closing ESC2015'' Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) 12:00-14:00 ''Lunch'' d05405a75fe0ce7a768c8aa2f3909d09bcd2c89b 838 835 2015-01-30T09:20:07Z Guest 4 /* 14 January 2015 3rd day of the seminar */ wikitext text/x-wiki == '''12 January 2015 1st day of the seminar''' == 8:30-9:00 ''Welcome coffee/tea'' 9:00 Seminar start '''Session 1: Cryptanalysis (Chair Itai Dinur)''' 9:00-10:20 [[Willi Meier]]: Fast correlation attacks over extension fields (joint work with Bin Zhang and Chao Xu) [[media:Large-unit.pdf|[slides]]] [[Gregor Leander]]: Some insights in the Simon round function [[media:Simon_esc2015.pdf|[slides]]] AND Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows [[media:ShiftRows_esc2015.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Exotic implementation requirements (Chair François-Xavier Standaert), part 1''' 10:50-12:10 [[Joan Daemen]]: Spectral characterization of uniformity loss and application to Keccak, revisited [[media:NonUniformSharingAtESC.pdf|[slides]]] [[Dmitry Khovratovich]]: Design and analysis of memory-hard functions [[media:Esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Exotic implementation requirements (Chair François-Xavier Standaert), part 2''' 15:10 - 15:50 [[Michaël Peeters]]: Challenges in White-Box Cryptography [[media:esc2015-mip-wb_challenges.pdf|[slides]]] '''Session 4: Authenticated encryption and provable security (Chair Tetsu Iwata), part 1''' 15:50 - 17:10 [[Gilles Van Assche]]: Generic security of the keyed sponge [[media:KeyedSpongeAtESC.pdf|[slides]]] [[Reza Reyhanitabar]]: Boosting OMD for Almost Free Authentication of Associated Data [[media:POMD.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 5: Authenticated encryption and provable security (Chair Tetsu Iwata), part 2''' 17:40 - 19:00 [[Farzaneh Abed]]: Overview of the CAESAR Candidates for Authenticated Encryption [[media:Caesar_classification.pdf|[slides]]] [[Elena Andreeva]]: Authenticated Encryption and the CAESAR Competion [[media:AndreevaESCLux2015.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''13 January 2015 2nd day of the seminar''' == '''Session 1: Early topics (Chair Anne Canteaut)''' 9:00-10:20 [[Leo Perrin]]: On reverse-engineering S-boxes with hidden design criteria or structure [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] [[Media:Lpe-reverse-engineer.pdf|[slides]]] [[Gildas Avoine]]: Time-memory Trade-off Applied to Non-uniform Distributions [[media:Tmto.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Cipher design (Chair Henri Gilbert)''' 10:50-12:25 [[Frederik Armknecht]]: On Lightweight Stream Ciphers with Shorter Internal States [[media:Small-ESC_Armknecht.pdf|[slides]]] [[Christian Rechberger]]: About new cipher design 12:30-14:00 ''Lunch'' '''Session 3: CAESAR and Authenticated encryption (Chair Stefan Lucks)''' 14:10 - 16:50 [[Eik List]]: RIV: Decryption-Misuse-Resistant SIV [[media:Talk.pdf|[slides]]] [[Yu Sasaki]]: IV-FV Authenticated Encryption and Triplet-Robust Decryption [[media:Sasaki_ESC2015.pdf|[slides]]] Discussion on CAESAR selected topics, with introduction by [[Stefan Lucks]]. [[media:Caesar.pdf|[slides]]] 16:50 - 17:20 ''Break'' '''Session 4: Cryptanalysis (Chair Bart Preneel)''' 17:20 - 18:50 [[Cécile Pierrot]]: On discrete logarithms in finite fields [[media:Pierrot_Discrete_logs.pdf|[slides]]] [[Maria Naya-Plasencia]]: On impossible differential attacks [[media:ESC15.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''14 January 2015 3rd day of the seminar''' == '''Session 1: Complexity of attacks (Chair Antoine Joux)''' 9:00-10:20 [[Petr Susil]]: On algebraic attacks [[media:Susil.pdf|[slides]]] [[Céline Blondeau]]: Remarks on the data complexity of zero-correlation linear attacks [[media:Presentation.pdf|[slides]]] 10:00-10:30 ''Break'' '''Session 2: Reverse and forward engineering (Chair Carlos Cid)''' 10:30-11:40 [[Kaisa Nyberg]]: Reverse-engineering hidden assumptions in differential-linear cryptanalysis [[media:Nyberg_rev.pdf|[slides]]] [[François-Xavier Standaert]]: Updates on LS-designs and Algebraic Side-Channel Attacks 11:50-13:30 ''Lunch'' '''Free time in the afternoon''' Excursion 14:00 - 18:00. We will go to the Vianden Castle (40 mins with a bus). Arrive back at the hotel at 18:10 '''Rump session (Chair Michaël Peeters):''' 18:20-19:00 [[Rump session|[program and slides]]] 19:00 - 21:00 ''Dinner'' == '''15 January 2015 4th day of the seminar''' == '''Session 1: Post-Snowden authenticated encryption (Chair Serge Vaudenay)''' 9:00-10:20 [[Bart Preneel]]: Post-Snowden crypto [[media:Pdf.pdf|[slides]]] [[Tetsu Iwata]]: On Tweak Functions in CLOC [[media:ESC-Iwata-CLOC-09.pdf|[slides]]] AND More on Generic Composition [[media:ESC-Iwata-GC-09.pdf|[slides]]] 10:20-10:50 ''Break'' '''Session 2: Odds and ends (Chair Elena Andreeva)''' 10:50-12:20 [[Andrey Bogdanov]]: How Secure is AES under Passive Trojans? [[media:Aes-and-its-patrons.pdf|[slides]]] [[Florian Mendel]]: On cryptanalysis of CAESAR candidates [[Carlos Cid]]: Algebraic Algorithms for the Learning with Errors (LWE) problem [[media:Lwe-esc2015.pdf|[slides]]] 12:30-14:00 ''Lunch'' '''Session 3: Cryptanalysis and bounds (Chair Gilles Van Assche)''' 15:10 - 17:10 [[Anne Canteaut]]: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks [[media:Slides.pdf|[slides]]] [[Gaetan Leurent]]: On cryptanalysis of the Chaskey MAC [[Media:slides-chaskey.pdf|[slides]]] [[Itai Dinur]]: New Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions [[media:Fx.pdf|[slides]]] 17:10 - 17:40 ''Break'' '''Session 4: More on authenticated encryption (Chair Andrey Bogdanov)''' 17:40 - 19:00 [[Kan Yasuda]]: Incremental authenticated encryption II [[Kazumaro Aoki]]: Observations on Proest and Minalpher [[media:Slide.pdf|[slides]]] 19:00 - 21:00 ''Dinner'' == '''16 January 2015 5th day of the seminar''' == '''Session 1: Cryptanalysis (Chair Florian Mendel)''' 9:00-10:25 [[Thomas Peyrin]]: Cryptanalysis of JAMBU [[media:Slides_ESC_2015.pdf|[slides]]] [[Vesselin Velichkov]]: On Improving the Data Complexity of Attacks on RC5 [[media:Rc5-slides-esc2015.pdf|[slides]]] 10:30-11:00 ''Break'' '''Session 2: CAESAR''' 11:00-12:20 Some more discussion on CAESAR. [[media:Sec_and_rob.pdf|[summary of the discussions]]] ''Closing ESC2015'' Prize for the [https://www.cryptolux.org/index.php/ESC_2015_Challenge (Reverse-engineering challenge)] goes to [[Gaetan Leurent]] (reverse-engineering 5 round Feistel 8x8 S-box in 1 second on a PC) 12:00-14:00 ''Lunch'' a72ce46beeb793fd4bf65a1c881eec90e6e205a0 0 474 829 814 2015-01-25T21:03:51Z Guest 4 wikitext text/x-wiki [[media:Nyberg_rev.pdf|[slides]]] ''Title:'' Reverse-Engineering Hidden Assumptions in Differential-Linear Attacks ''Abstract:'' Differential-linear (DL) cryptanalysis has been quite successful in attacking block ciphers, Serpent, in particular. At FSE 2014 Blondeau et al. provided a thorough analysis of its foundations. We gave a complete expression of the probability of the DL relation in terms of the differential probabilities of the first part of the cipher and squared correlations over the latter part of the cipher. We know by now that DL statistics can be derived from a truncated differential attack. In applications the simple models by Biham et al. [Asiacrypt 2002] and Lu [FSE 2012] are still widely used. The question how these simple ad hoc models relate to the theory was not yet addressed. In this talk I will identify some sufficient assumptions under which the previous models can be derived from our general model. These considerations have relevance in practice: cryptanalysts should know which properties of the cipher are sufficient to be validated in simulations, when using the models of Biham et al. or Lu. At the end of my talk I will discuss another statistical model of DL attacks, which is more efficient in terms of data complexity. Interestingly, this model captures also the average behaviour of boomerang probabilities. 99c5b871d876a8b8d5f0ba666a4ce5a302be3de1 6 530 830 2015-01-27T14:27:32Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 422 831 560 2015-01-27T14:28:02Z Guest 4 wikitext text/x-wiki Title: Time-memory Trade-off Applied to Non-uniform Distributions [[media:Tmto.pdf|[slides]]] Abstract: Cryptanalytic time-memory trade-offs (TMTO) were introduced by Hellman in 1980 in order to perform key-recovery attacks on cryptosystems. A major advance was presented at Crypto 2003 by Oechslin, with the rainbow tables that outperform Hellman's seminal work. After introducing the cryptanalytic time-memory trade-offs, we will present in this talk a technique to improve the efficiency of TMTOs when considering non-uniform distributions, e.g. to crack non-uniformly distributed passwords. 863bd73cab627fc394db3c184d98944e976de063 6 531 833 2015-01-27T16:53:29Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 421 834 559 2015-01-27T16:54:01Z Guest 4 wikitext text/x-wiki Farzaneh Abed: Overview of the CAESAR Candidates for Authenticated Encryption [[media:Caesar_classification.pdf|[slides]]] Abstract: The ongoing CAESAR competition aims at finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. At the moment, 50 remaining first-round submissions go through an intensive review, analysis and comparison process. While the cryptographic community benefits greatly from the manifold different submission designs, their pure number implies a challenging amount of study. As part of a remedy, we provide an easy-to-grasp overview over functional aspects, security parameters, and robustness offerings of the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated). 291c311a79fd980536863488d723947fe6541d5b 6 532 836 2015-01-30T09:19:19Z Guest 4 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 533 837 2015-01-30T09:19:52Z Guest 4 Created page with "title: On algebraic attacks [[media:Susil.pdf|[slides]]]" wikitext text/x-wiki title: On algebraic attacks [[media:Susil.pdf|[slides]]] 68065f0a16fcaca2705e2553ab7cc5f3ba81f45b 0 534 839 2015-04-28T08:22:24Z Yann 1 Created page with "__NOTOC__ [[media:proceedings_esc2015.pdf | ESC 2015 Proceedings]]" wikitext text/x-wiki __NOTOC__ [[media:proceedings_esc2015.pdf | ESC 2015 Proceedings]] ad5789a6bd10b41752d5c963b620054bcdf542b3 6 535 840 2015-04-28T08:22:46Z Yann 1 wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 842 840 2015-04-30T12:23:08Z Yann 1 Yann uploaded a new version of &quot;[[File:Proceedings esc2015.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 843 842 2015-05-04T07:46:16Z Yann 1 Yann uploaded a new version of &quot;[[File:Proceedings esc2015.pdf]]&quot; wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 844 843 2015-06-01T10:40:55Z Yann 1 Yann uploaded a new version of &quot;[[File:Proceedings esc2015.pdf]]&quot;: Corrected typo (symetric -> symmetric) wikitext text/x-wiki da39a3ee5e6b4b0d3255bfef95601890afd80709 0 3 841 552 2015-04-28T08:24:39Z Yann 1 /* Proceedings */ wikitext text/x-wiki __NOTOC__ [[Image:clervaux.jpg‎|400px|thumb|Clervaux]] == Early Symmetric Crypto (ESC) 12-16 January 2015 in Clervaux, Luxembourg == Early Symmetric Cryptography (ESC) is a bi-annual event ([https://www.cryptolux.org/mediawiki-esc2008/index.php/Home 2008], [https://www.cryptolux.org/mediawiki-esc2010/index.php/ESC_2010 2010], [https://www.cryptolux.org/mediawiki-esc2013/index.php/ESC_2013 2013]) taking place in Luxembourg and paired with Dagstuhl seminars ([http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=07021 2007], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=09031 2009], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=12031 2012], [http://www.dagstuhl.de/en/program/calendar/semhp/?semnr=14021 2014]) on symmetric cryptography. Cryptography deals with secure communication in adversarial environments as well as protecting information in storage. It is the key ingredient of information security. Applications such as electronic commerce, e-banking, secure communications (ex. mobile phones, Skype, etc.) are made possible due to advances in applied cryptography. The seminar is concentrating on: * symmetric primitives (block and stream ciphers, message authentication codes and hash functions), and * complex cryptosystems and cryptographic protocols employing these primitives * algorithmic challenges in public and symmetric cryptography. The aim of the workshop is to bring together leading experts and talented junior researchers and to let them exchange ideas, open problems in an informal atmosphere. === Program Chairs === [https://www.cryptolux.org/index.php/Alex_Biryukov Alex Biryukov] [http://jda.noekeon.org/ Joan Daemen] [http://www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks/ Stefan Lucks] [http://lasecwww.epfl.ch/~vaudenay/ Serge Vaudenay] === The List of topics === * Authenticity, Integrity, Privacy, Block Ciphers, Stream Ciphers, Hash Functions, Authenticated Encryption, Lightweight crypto, Provable Security, Cryptanalysis * RFID protocols, crypto standards for Internet of Things * Algorithmic challenges in SK and PK crypto (algorithmic cryptanalysis, lattices, multivariate crypto, factoring, etc.) Special sub-topics that will be explored this year are: *Evaluation of submissions for the authenticated encryption competition ([http://competitions.cr.yp.to/caesar.html CAESAR]) sponsored by NIST. *Evaluation of candidates for the currently running [https://password-hashing.net/ password-hashing competition]. *Design and analysis of lightweight cryptography (see also [https://www.cryptolux.org/index.php/ACRYPT_%28CORE/FNR/SnT%29 ACRYPT] project). === Program === Here is the [https://www.cryptolux.org/mediawiki-esc2015/index.php/Seminar_program seminar program] === Proceedings === [[media:proceedings_esc2015.pdf | ESC 2015 Proceedings]] === Venue === The conference will be held at the hotel [http://www.interclervaux.lu/?lang=en International] in Clervaux, a medieval town in Luxembourg in the [http://en.wikipedia.org/wiki/Ardennes Ardennes]. Please contact the [http://www.interclervaux.lu/?lang=en hotel] for the booking. Please put <fabienne.schmitz@uni.lu> in CC. Hotel prices: Single room : 85 € Double room : 105 € Price includes breakfast, free WiFi, access to wellness (swimming pool, sauna, hammam, fitness). We cover lunches, dinners and venue costs. There are no registration fees. === Tourism === *Clervaux castle *Vianden castle (organized excursion is planned) *Hikes === Weather === Typical temperatures in Luxembourg in January are -2 -- +10. Take a good rain coat and hiking shoes if you want to explore the surroundings. === Sponsors === This event is sponsored by the [http://www.fnr.lu Fonds National de la Recherche Luxembourg] and by the [http://lacs.uni.lu Laboratory of Algorithmics, Cryptology and Security] [[Image:Fnr_logo_web.jpg‎|200px|FNR logo]] [[Image:LACS-logo.jpg‎|200px|LACS logo]] 88c4f602b2f2118ab491e22e42c7d692597d025a